sslutil: only support TLS (BC)
In light of the POODLE[0] attack on SSLv3, let's just drop the ability to
use anything older than TLSv1 entirely.
This only fixes the client side. Another commit will fix the server
side. There are still a few SSLv[23] constants hiding in httpclient,
but I'll fix those separately upstream and import them when we're not
in a code freeze.
0: http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
#!/usr/bin/env python
#
# Dumps output generated by Mercurial's command server in a formatted style to a
# given file or stderr if '-' is specified. Output is also written in its raw
# format to stdout.
#
# $ ./hg serve --cmds pipe | ./contrib/debugcmdserver.py -
# o, 52 -> 'capabilities: getencoding runcommand\nencoding: UTF-8'
import sys, struct
if len(sys.argv) != 2:
print 'usage: debugcmdserver.py FILE'
sys.exit(1)
outputfmt = '>cI'
outputfmtsize = struct.calcsize(outputfmt)
if sys.argv[1] == '-':
log = sys.stderr
else:
log = open(sys.argv[1], 'a')
def read(size):
data = sys.stdin.read(size)
if not data:
raise EOFError
sys.stdout.write(data)
sys.stdout.flush()
return data
try:
while True:
header = read(outputfmtsize)
channel, length = struct.unpack(outputfmt, header)
log.write('%s, %-4d' % (channel, length))
if channel in 'IL':
log.write(' -> waiting for input\n')
else:
data = read(length)
log.write(' -> %r\n' % data)
log.flush()
except EOFError:
pass
finally:
if log != sys.stderr:
log.close()