##// END OF EJS Templates
sslutil: allow TLS 1.0 when --insecure is used...
Gregory Szorc -
r29617:2960ceee stable
parent child Browse files
Show More
@@ -181,6 +181,12 b' def _hostsettings(ui, hostname):'
181 protocol = ui.config('hostsecurity', key, protocol)
181 protocol = ui.config('hostsecurity', key, protocol)
182 validateprotocol(protocol, key)
182 validateprotocol(protocol, key)
183
183
184 # If --insecure is used, we allow the use of TLS 1.0 despite config options.
185 # We always print a "connection security to %s is disabled..." message when
186 # --insecure is used. So no need to print anything more here.
187 if ui.insecureconnections:
188 protocol = 'tls1.0'
189
184 s['protocol'], s['ctxoptions'] = protocolsettings(protocol)
190 s['protocol'], s['ctxoptions'] = protocolsettings(protocol)
185
191
186 ciphers = ui.config('hostsecurity', 'ciphers')
192 ciphers = ui.config('hostsecurity', 'ciphers')
@@ -486,6 +486,12 b' Clients requiring newer TLS version than'
486 abort: error: *unsupported protocol* (glob)
486 abort: error: *unsupported protocol* (glob)
487 [255]
487 [255]
488
488
489 --insecure will allow TLS 1.0 connections and override configs
490
491 $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/
492 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
493 5fed3813f7f5
494
489 The per-host config option overrides the default
495 The per-host config option overrides the default
490
496
491 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
497 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
General Comments 0
You need to be logged in to leave comments. Login now