Mercurial > hg-stable
view tests/test-issue1175.t @ 29560:303e9300772a
sslutil: require TLS 1.1+ when supported
Currently, Mercurial will use TLS 1.0 or newer when connecting to
remote servers, selecting the highest TLS version supported by both
peers. On older Pythons, only TLS 1.0 is available. On newer Pythons,
TLS 1.1 and 1.2 should be available.
Security professionals recommend avoiding TLS 1.0 if possible.
PCI DSS 3.1 "strongly encourages" the use of TLS 1.2.
Known attacks like BEAST and POODLE exist against TLS 1.0 (although
mitigations are available and properly configured servers aren't
vulnerable).
I asked Eric Rescorla - Mozilla's resident crypto expert - whether
Mercurial should drop support for TLS 1.0. His response was
"if you can get away with it." Essentially, a number of servers on
the Internet don't support TLS 1.1+. This is why web browsers
continue to support TLS 1.0 despite desires from security experts.
This patch changes Mercurial's default behavior on modern Python
versions to require TLS 1.1+, thus avoiding known security issues
with TLS 1.0 and making Mercurial more secure by default. Rather
than drop TLS 1.0 support wholesale, we still allow TLS 1.0 to be
used if configured. This is a compromise solution - ideally we'd
disallow TLS 1.0. However, since we're not sure how many Mercurial
servers don't support TLS 1.1+ and we're not sure how much user
inconvenience this change will bring, I think it is prudent to ship
an escape hatch that still allows usage of TLS 1.0. In the default
case our users get better security. In the worst case, they are no
worse off than before this patch.
This patch has no effect when running on Python versions that don't
support TLS 1.1+.
As the added test shows, connecting to a server that doesn't
support TLS 1.1+ will display a warning message with a link to
our wiki, where we can guide people to configure their client to
allow less secure connections.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Wed, 13 Jul 2016 21:35:54 -0700 |
| parents | fc1d75e7a98d |
| children | 2f034a21778c |
line wrap: on
line source
https://bz.mercurial-scm.org/1175 $ hg init $ touch a $ hg ci -Am0 adding a $ hg mv a a1 $ hg ci -m1 $ hg co 0 1 files updated, 0 files merged, 1 files removed, 0 files unresolved $ hg mv a a2 $ hg up note: possible conflict - a was renamed multiple times to: a2 a1 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg ci -m2 $ touch a $ hg ci -Am3 adding a $ hg mv a b $ hg ci -Am4 a $ hg ci --debug --traceback -Am5 b committing files: b warning: can't find ancestor for 'b' copied from 'a'! committing manifest committing changelog committed changeset 5:83a687e8a97c80992ba385bbfd766be181bfb1d1 $ hg verify checking changesets checking manifests crosschecking files in changesets and manifests checking files 4 files, 6 changesets, 4 total revisions $ hg export --git tip # HG changeset patch # User test # Date 0 0 # Thu Jan 01 00:00:00 1970 +0000 # Node ID 83a687e8a97c80992ba385bbfd766be181bfb1d1 # Parent 1d1625283f71954f21d14c3d44d0ad3c019c597f 5 diff --git a/b b/b new file mode 100644 http://bz.selenic.com/show_bug.cgi?id=4476 $ hg init foo $ cd foo $ touch a && hg ci -Aqm a $ hg mv a b $ echo b1 >> b $ hg ci -Aqm b1 $ hg up 0 1 files updated, 0 files merged, 1 files removed, 0 files unresolved $ hg mv a b $ echo b2 >> b $ hg ci -Aqm b2 $ hg graft 1 grafting 1:5974126fad84 "b1" merging b warning: conflicts while merging b! (edit, then use 'hg resolve --mark') abort: unresolved conflicts, can't continue (use 'hg resolve' and 'hg graft --continue') [255] $ echo a > b $ echo b3 >> b $ hg resolve --mark b (no more unresolved files) continue: hg graft --continue $ hg graft --continue grafting 1:5974126fad84 "b1" warning: can't find ancestor for 'b' copied from 'a'! $ hg log -f b -T 'changeset: {rev}:{node|short}\nsummary: {desc}\n\n' changeset: 3:376d30ccffc0 summary: b1 changeset: 2:416baaa2e5e4 summary: b2 changeset: 0:3903775176ed summary: a