Show More
@@ -181,6 +181,12 b' def _hostsettings(ui, hostname):' | |||||
181 | protocol = ui.config('hostsecurity', key, protocol) |
|
181 | protocol = ui.config('hostsecurity', key, protocol) | |
182 | validateprotocol(protocol, key) |
|
182 | validateprotocol(protocol, key) | |
183 |
|
183 | |||
|
184 | # If --insecure is used, we allow the use of TLS 1.0 despite config options. | |||
|
185 | # We always print a "connection security to %s is disabled..." message when | |||
|
186 | # --insecure is used. So no need to print anything more here. | |||
|
187 | if ui.insecureconnections: | |||
|
188 | protocol = 'tls1.0' | |||
|
189 | ||||
184 | s['protocol'], s['ctxoptions'] = protocolsettings(protocol) |
|
190 | s['protocol'], s['ctxoptions'] = protocolsettings(protocol) | |
185 |
|
191 | |||
186 | ciphers = ui.config('hostsecurity', 'ciphers') |
|
192 | ciphers = ui.config('hostsecurity', 'ciphers') |
@@ -486,6 +486,12 b' Clients requiring newer TLS version than' | |||||
486 | abort: error: *unsupported protocol* (glob) |
|
486 | abort: error: *unsupported protocol* (glob) | |
487 | [255] |
|
487 | [255] | |
488 |
|
488 | |||
|
489 | --insecure will allow TLS 1.0 connections and override configs | |||
|
490 | ||||
|
491 | $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/ | |||
|
492 | warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |||
|
493 | 5fed3813f7f5 | |||
|
494 | ||||
489 | The per-host config option overrides the default |
|
495 | The per-host config option overrides the default | |
490 |
|
496 | |||
491 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
497 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
General Comments 0
You need to be logged in to leave comments.
Login now