@@ -122,7 +122,7 b' def _hostsettings(ui, hostname):' | |||||
122 | if ui.insecureconnections: |
|
122 | if ui.insecureconnections: | |
123 | minimumprotocol = b'tls1.0' |
|
123 | minimumprotocol = b'tls1.0' | |
124 | if not ciphers: |
|
124 | if not ciphers: | |
125 | ciphers = b'DEFAULT' |
|
125 | ciphers = b'DEFAULT:@SECLEVEL=0' | |
126 |
|
126 | |||
127 | s[b'minimumprotocol'] = minimumprotocol |
|
127 | s[b'minimumprotocol'] = minimumprotocol | |
128 | s[b'ciphers'] = ciphers |
|
128 | s[b'ciphers'] = ciphers | |
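Review bot: The new `b'DEFAULT:@SECLEVEL=0'` fallback in `_hostsettings` has no comment saying that security level 0 relaxes more than the protocol floor: it also lifts OpenSSL's minimum key-size and signature-digest checks, so it should stay confined to the `ui.insecureconnections` branch. I would add above the assignment `# SECLEVEL=0 lets newer OpenSSL negotiate TLS 1.0/1.1; it also permits weak keys and digests, so keep it to insecure connections only`. The `@SECLEVEL` keyword is an OpenSSL 1.1.0+ cipher-string command, so on older OpenSSL builds or other TLS libraries `set_ciphers` may reject the whole string. The same literal is added in the `wrapserversocket` hunk, and both places would probably benefit from falling back to plain `DEFAULT` when setting it fails. Both functions continue outside the visible hunks, so how the string reaches `set_ciphers` on the client side is not shown here.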
@@ -627,7 +627,7 b' def wrapserversocket(' | |||||
627 | # In tests, allow insecure ciphers |
|
627 | # In tests, allow insecure ciphers | |
628 | # Otherwise, use the list of more secure ciphers if found in the ssl module. |
|
628 | # Otherwise, use the list of more secure ciphers if found in the ssl module. | |
629 | if exactprotocol: |
|
629 | if exactprotocol: | |
630 | sslcontext.set_ciphers('DEFAULT') |
|
630 | sslcontext.set_ciphers('DEFAULT:@SECLEVEL=0') | |
631 | elif util.safehasattr(ssl, b'_RESTRICTED_SERVER_CIPHERS'): |
|
631 | elif util.safehasattr(ssl, b'_RESTRICTED_SERVER_CIPHERS'): | |
632 | sslcontext.options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0) |
|
632 | sslcontext.options |= getattr(ssl, 'OP_CIPHER_SERVER_PREFERENCE', 0) | |
633 | # pytype: disable=module-attr |
|
633 | # pytype: disable=module-attr |
@@ -356,9 +356,9 b' Start servers running supported TLS vers' | |||||
356 |
|
356 | |||
357 | Clients talking same TLS versions work |
|
357 | Clients talking same TLS versions work | |
358 |
|
358 | |||
359 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT/ |
|
359 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 --config hostsecurity.ciphers="DEFAULT:@SECLEVEL=0" id https://localhost:$HGPORT/ | |
360 | 5fed3813f7f5 |
|
360 | 5fed3813f7f5 | |
361 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT1/ |
|
361 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 --config hostsecurity.ciphers="DEFAULT:@SECLEVEL=0" id https://localhost:$HGPORT1/ | |
362 | 5fed3813f7f5 |
|
362 | 5fed3813f7f5 | |
363 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/ |
|
363 | $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/ | |
364 | 5fed3813f7f5 |
|
364 | 5fed3813f7f5 | |
@@ -400,7 +400,7 b' Clients requiring newer TLS version than' | |||||
400 | The per-host config option overrides the default |
|
400 | The per-host config option overrides the default | |
401 |
|
401 | |||
402 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
|
402 | $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ | |
403 | > --config hostsecurity.ciphers=DEFAULT \ |
|
403 | > --config hostsecurity.ciphers="DEFAULT:@SECLEVEL=0" \ | |
404 | > --config hostsecurity.minimumprotocol=tls1.2 \ |
|
404 | > --config hostsecurity.minimumprotocol=tls1.2 \ | |
405 | > --config hostsecurity.localhost:minimumprotocol=tls1.0 |
|
405 | > --config hostsecurity.localhost:minimumprotocol=tls1.0 | |
406 | 5fed3813f7f5 |
|
406 | 5fed3813f7f5 |