# HG changeset patch
# User Mads Kiilerich <mads@kiilerich.com>
# Date 2010-10-21 01:18:52
# Node ID 076bbbf0ba860baca24a14962278cd6f0aa2a4b7
# Parent  bc69ba99e34bde884d3d88abf0edd520060f591a

hgweb: let HTTPS serve use more compatible and less secure encryption

PROTOCOL_SSLv3 on the server side doesn't work everywhere. Sometimes the client
reports "EOF occurred in violation of protocol" (for example on Mac and Solaris).

The more compatible PROTOCOL_SSLv23 is now used instead. It works but is less
"secure" for some OpenSSL versions as it can fall back to weak encryption.

diff --git a/mercurial/hgweb/server.py b/mercurial/hgweb/server.py
--- a/mercurial/hgweb/server.py
+++ b/mercurial/hgweb/server.py
@@ -227,7 +227,7 @@ class _httprequesthandlerssl(_httpreques
         except ImportError:
             raise util.Abort(_("SSL support is unavailable"))
         httpserver.socket = ssl.wrap_socket(httpserver.socket, server_side=True,
-            certfile=ssl_cert, ssl_version=ssl.PROTOCOL_SSLv3)
+            certfile=ssl_cert, ssl_version=ssl.PROTOCOL_SSLv23)
 
     def setup(self):
         self.connection = self.request