@@ -113,16 +113,18 b' def _hostsettings(ui, hostname):' | |||
|
113 | 113 | minimumprotocol = ui.config(b'hostsecurity', key, minimumprotocol) |
|
114 | 114 | validateprotocol(minimumprotocol, key) |
|
115 | 115 | |
|
116 | ciphers = ui.config(b'hostsecurity', b'ciphers') | |
|
117 | ciphers = ui.config(b'hostsecurity', b'%s:ciphers' % bhostname, ciphers) | |
|
118 | ||
|
116 | 119 | # If --insecure is used, we allow the use of TLS 1.0 despite config options. |
|
117 | 120 | # We always print a "connection security to %s is disabled..." message when |
|
118 | 121 | # --insecure is used. So no need to print anything more here. |
|
119 | 122 | if ui.insecureconnections: |
|
120 | 123 | minimumprotocol = b'tls1.0' |
|
124 | if not ciphers: | |
|
125 | ciphers = b'DEFAULT' | |
|
121 | 126 | |
|
122 | 127 | s[b'minimumprotocol'] = minimumprotocol |
|
123 | ||
|
124 | ciphers = ui.config(b'hostsecurity', b'ciphers') | |
|
125 | ciphers = ui.config(b'hostsecurity', b'%s:ciphers' % bhostname, ciphers) | |
|
126 | 128 | s[b'ciphers'] = ciphers |
|
127 | 129 | |
|
128 | 130 | # Look for fingerprints in [hostsecurity] section. Value is a list |
@@ -617,8 +619,11 b' def wrapserversocket(' | |||
|
617 | 619 | sslcontext.options |= getattr(ssl, 'OP_SINGLE_DH_USE', 0) |
|
618 | 620 | sslcontext.options |= getattr(ssl, 'OP_SINGLE_ECDH_USE', 0) |
|
619 | 621 | |
|
620 | # Use the list of more secure ciphers if found in the ssl module. | |
|
621 | if util.safehasattr(ssl, b'_RESTRICTED_SERVER_CIPHERS'): | |
|
622 | # In tests, allow insecure ciphers | |
|
623 | # Otherwise, use the list of more secure ciphers if found in the ssl module. | |
|
624 | if exactprotocol: | |
|
625 | sslcontext.set_ciphers('DEFAULT') | |
|
626 | elif util.safehasattr(ssl, b'_RESTRICTED_SERVER_CIPHERS'): | |
|
622 | 627 | sslcontext.options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0) |
|
623 | 628 | # pytype: disable=module-attr |
|
624 | 629 | sslcontext.set_ciphers(ssl._RESTRICTED_SERVER_CIPHERS) |
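Review bot: In wrapserversocket the new `if exactprotocol:` branch skips both the `_RESTRICTED_SERVER_CIPHERS` list and `OP_CIPHER_SERVER_PREFERENCE` for any pinned protocol, yet the comment only says "In tests" and nothing in the visible lines ties `exactprotocol` to a test run (where it is set lies outside the hunk). If that value can come from ordinary configuration, a server pinned to a modern protocol would silently fall back to OpenSSL's wider `DEFAULT` cipher list. Consider narrowing the branch to the legacy versions that actually need it, e.g. `if exactprotocol in (b'tls1.0', b'tls1.1'):` (assuming it carries the same byte strings as `minimumprotocol`), and naming the knob in the comment, `# exactprotocol is a test-only setting; legacy protocols need OpenSSL's wider default cipher list`. The `_hostsettings` hunk has a related documentation gap: `--insecure` now also widens the ciphers to `DEFAULT` when none are configured, but the comment above it still mentions only TLS 1.0.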