Mercurial Mercurial > hg-stable / changelog
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | help
(0) -10000 -3000 -1000 -300 -100 -30 -10 -1 +1 +10 +30 +100 +300 +1000 +3000 +10000 tip
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tue, 21 Oct 2014 17:01:23 -0400 sslutil: only support TLS (BC) stable
changeset
Augie Fackler <raf@durin42.com> [Tue, 21 Oct 2014 17:01:23 -0400] rev 23069
sslutil: only support TLS (BC) In light of the POODLE[0] attack on SSLv3, let's just drop the ability to use anything older than TLSv1 entirely. This only fixes the client side. Another commit will fix the server side. There are still a few SSLv[23] constants hiding in httpclient, but I'll fix those separately upstream and import them when we're not in a code freeze. 0: http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
(0) -10000 -3000 -1000 -300 -100 -30 -10 -1 +1 +10 +30 +100 +300 +1000 +3000 +10000 tip
hg-stable