--- a/mercurial/hgweb/server.py Thu Jul 14 20:14:19 2016 -0700
+++ b/mercurial/hgweb/server.py Tue Jul 12 23:12:03 2016 -0700
@@ -224,15 +224,23 @@
@staticmethod
def preparehttpserver(httpserver, ui):
try:
- import ssl
- ssl.wrap_socket
+ from .. import sslutil
+ sslutil.modernssl
except ImportError:
raise error.Abort(_("SSL support is unavailable"))
certfile = ui.config('web', 'certificate')
- httpserver.socket = ssl.wrap_socket(
- httpserver.socket, server_side=True,
- certfile=certfile, ssl_version=ssl.PROTOCOL_TLSv1)
+
+ # These config options are currently only meant for testing. Use
+ # at your own risk.
+ cafile = ui.config('devel', 'servercafile')
+ reqcert = ui.configbool('devel', 'serverrequirecert')
+
+ httpserver.socket = sslutil.wrapserversocket(httpserver.socket,
+ ui,
+ certfile=certfile,
+ cafile=cafile,
+ requireclientcert=reqcert)
def setup(self):
self.connection = self.request
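Review bot: In `preparehttpserver`, `devel.serverrequirecert` is read independently of `devel.servercafile`, so `requireclientcert=True` can reach `sslutil.wrapserversocket` together with `cafile=None`, and nothing in this hunk shows what the server does with client certificates in that case. Unless `wrapserversocket` rejects the combination itself (its body is not visible here), I would fail closed at the call site with `if reqcert and not cafile: raise error.Abort(_("devel.serverrequirecert requires devel.servercafile"))`. The same gap exists for `certfile`, which is forwarded unchecked when `web.certificate` is unset. The comment above the two `devel` options could also state plainly that they are not a supported client-authentication mechanism, since "use at your own risk" does not say what is unverified. The enclosing class begins outside the hunk and `setup` continues past its end.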