diff --git a/i18n/ja.po b/i18n/ja.po
--- a/i18n/ja.po
+++ b/i18n/ja.po
@@ -37064,8 +37064,8 @@ msgid "TLS 1.2 not supported by this Pyt
msgstr "利用中の Python では TLS 1.2 が未サポートです"
#, python-format
-msgid "invalid value for serverexactprotocol: %s"
-msgstr "不正な serverexactprotocol 指定値: %s"
+msgid "invalid value for server-insecure-exact-protocol: %s"
+msgstr "不正な server-insecure-exact-protocol 指定値: %s"
#, python-format
msgid "too many wildcards in certificate DNS name: %s"
diff --git a/i18n/pt_BR.po b/i18n/pt_BR.po
--- a/i18n/pt_BR.po
+++ b/i18n/pt_BR.po
@@ -38342,8 +38342,8 @@ msgid "TLS 1.2 not supported by this Pyt
msgstr "TLS 1.2 não é suportado por esta versão do Python"
#, python-format
-msgid "invalid value for serverexactprotocol: %s"
-msgstr "valor inválido para serverexactprotocol: %s"
+msgid "invalid value for server-insecure-exact-protocol: %s"
+msgstr "valor inválido para server-insecure-exact-protocol: %s"
#, python-format
msgid "too many wildcards in certificate DNS name: %s"
diff --git a/mercurial/configitems.py b/mercurial/configitems.py
--- a/mercurial/configitems.py
+++ b/mercurial/configitems.py
@@ -688,9 +688,11 @@ coreconfigitem(
b'servercafile',
default=b'',
)
+# This config option is intended for use in tests only. It is a giant
+# footgun to kill security. Don't define it.
coreconfigitem(
b'devel',
- b'serverexactprotocol',
+ b'server-insecure-exact-protocol',
default=b'',
)
coreconfigitem(
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -553,7 +553,7 @@ def wrapserversocket(
# This config option is intended for use in tests only. It is a giant
# footgun to kill security. Don't define it.
- exactprotocol = ui.config(b'devel', b'serverexactprotocol')
+ exactprotocol = ui.config(b'devel', b'server-insecure-exact-protocol')
if exactprotocol == b'tls1.0':
if b'tls1.0' not in supportedprotocols:
raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
@@ -583,7 +583,8 @@ def wrapserversocket(
sslcontext.maximum_version = ssl.TLSVersion.TLSv1_2
elif exactprotocol:
raise error.Abort(
- _(b'invalid value for serverexactprotocol: %s') % exactprotocol
+ _(b'invalid value for server-insecure-exact-protocol: %s')
+ % exactprotocol
)
else:
# Despite its name, PROTOCOL_SSLv23 selects the highest protocol that both
@@ -594,7 +595,7 @@ def wrapserversocket(
# This config option is intended for use in tests only. It is a giant
# footgun to kill security. Don't define it.
- exactprotocol = ui.config(b'devel', b'serverexactprotocol')
+ exactprotocol = ui.config(b'devel', b'server-insecure-exact-protocol')
if exactprotocol == b'tls1.0':
if b'tls1.0' not in supportedprotocols:
raise error.Abort(_(b'TLS 1.0 not supported by this Python'))
@@ -609,7 +610,8 @@ def wrapserversocket(
protocol = ssl.PROTOCOL_TLSv1_2
elif exactprotocol:
raise error.Abort(
- _(b'invalid value for serverexactprotocol: %s') % exactprotocol
+ _(b'invalid value for server-insecure-exact-protocol: %s')
+ % exactprotocol
)
# We /could/ use create_default_context() here since it doesn't load
diff --git a/tests/test-https.t b/tests/test-https.t
--- a/tests/test-https.t
+++ b/tests/test-https.t
@@ -344,13 +344,13 @@ Start servers running supported TLS vers
$ cd test
$ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
- > --config devel.serverexactprotocol=tls1.0
+ > --config devel.server-insecure-exact-protocol=tls1.0
$ cat ../hg0.pid >> $DAEMON_PIDS
$ hg serve -p $HGPORT1 -d --pid-file=../hg1.pid --certificate=$PRIV \
- > --config devel.serverexactprotocol=tls1.1
+ > --config devel.server-insecure-exact-protocol=tls1.1
$ cat ../hg1.pid >> $DAEMON_PIDS
$ hg serve -p $HGPORT2 -d --pid-file=../hg2.pid --certificate=$PRIV \
- > --config devel.serverexactprotocol=tls1.2
+ > --config devel.server-insecure-exact-protocol=tls1.2
$ cat ../hg2.pid >> $DAEMON_PIDS
$ cd ..