Mercurial > hg-stable
changeset 19490:074bd02352c0 stable
sslutil: force SSLv3 on Python 2.6 and later (issue3905)
We can't (easily) force SSL version on older Pythons, but on 2.6 and
later we can force SSLv3, which is safer and widely supported. This
also appears to work around a bug in IIS detailed in issue 3905.
| author | Augie Fackler <raf@durin42.com> |
|---|---|
| date | Wed, 24 Jul 2013 14:51:13 -0400 |
| parents | 42fcb2f7787d |
| children | e111d5e6bbbd |
| files | mercurial/sslutil.py |
| diffstat | 1 files changed, 2 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/sslutil.py Wed Jul 24 14:45:29 2013 -0400 +++ b/mercurial/sslutil.py Wed Jul 24 14:51:13 2013 -0400 @@ -17,7 +17,8 @@ def ssl_wrap_socket(sock, keyfile, certfile, cert_reqs=ssl.CERT_NONE, ca_certs=None): sslsocket = ssl.wrap_socket(sock, keyfile, certfile, - cert_reqs=cert_reqs, ca_certs=ca_certs) + cert_reqs=cert_reqs, ca_certs=ca_certs, + ssl_version=ssl.PROTOCOL_SSLv3) # check if wrap_socket failed silently because socket had been closed # - see http://bugs.python.org/issue13721 if not sslsocket.cipher():