Augie Fackler <raf@durin42.com> [Tue, 21 Oct 2014 17:09:37 -0400] rev 23070
hgweb: disable SSLv3 serving (BC)
Because of recent attacks[0] on SSLv3, let's just drop support entirely.
0: http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
Augie Fackler <raf@durin42.com> [Tue, 21 Oct 2014 17:01:23 -0400] rev 23069
sslutil: only support TLS (BC)
In light of the POODLE[0] attack on SSLv3, let's just drop the ability to
use anything older than TLSv1 entirely.
This only fixes the client side. Another commit will fix the server
side. There are still a few SSLv[23] constants hiding in httpclient,
but I'll fix those separately upstream and import them when we're not
in a code freeze.
0: http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
Mads Kiilerich <madski@unity3d.com> [Wed, 22 Oct 2014 16:10:23 +0200] rev 23068
eol: fix crash when handling removed files
ci --amend would in some cases fail after 650b5b6e75ed failed to refactor the
eol extension too.