--- a/mercurial/sslutil.py Mon Nov 11 13:03:13 2024 -0500
+++ b/mercurial/sslutil.py Mon Nov 11 21:25:03 2024 -0500
@@ -99,14 +99,14 @@
% b' '.join(sorted(configprotocols)),
)
- # We default to TLS 1.1+ because TLS 1.0 has known vulnerabilities (like
+ # We default to TLS 1.2+ because TLS 1.0 has known vulnerabilities (like
# BEAST and POODLE). We allow users to downgrade to TLS 1.0+ via config
# options in case a legacy server is encountered.
# setup.py checks that TLS 1.1 or TLS 1.2 is present, so the following
# assert should not fail.
- assert supportedprotocols - {b'tls1.0'}
- defaultminimumprotocol = b'tls1.1'
+ assert supportedprotocols - {b'tls1.0', b'tls1.1'}
+ defaultminimumprotocol = b'tls1.2'
key = b'minimumprotocol'
minimumprotocol = ui.config(b'hostsecurity', key, defaultminimumprotocol)
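Review bot: The unchanged comment above the assert still says setup.py guarantees "TLS 1.1 or TLS 1.2", but the new `assert supportedprotocols - {b'tls1.0', b'tls1.1'}` only holds when TLS 1.2 or newer is available, so a build that offers TLS 1.1 as its best protocol would now trip it. If setup.py (not visible here) was tightened in the same series, the comment should become `# setup.py checks that TLS 1.2 is present, so the following assert should not fail.`; if it was not, the guarantee the comment relies on no longer exists. Because `assert` is stripped under `python -O`, it would be safer to fail with an explicit error when no protocol above TLS 1.1 is supported than to fall through to a `b'tls1.2'` default the runtime cannot honour. The first comment line also still justifies the default only by TLS 1.0 weaknesses; a short clause on why TLS 1.1 is now excluded would keep the rationale accurate. The enclosing function starts and ends outside this hunk.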