Mercurial Mercurial > hg-stable / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hgweb: let HTTPS serve use more compatible and less secure encryption stable
authorMads Kiilerich <mads@kiilerich.com>
Thu, 21 Oct 2010 03:18:52 +0200
branchstable
changeset 12797 076bbbf0ba86
parent 12796 bc69ba99e34b
child 12798 3d6ba8c2b1b8
hgweb: let HTTPS serve use more compatible and less secure encryption PROTOCOL_SSLv3 on the server side doesn't work everywhere. Sometimes the client reports "EOF occurred in violation of protocol" (for example on Mac and Solaris). The more compatible PROTOCOL_SSLv23 is now used instead. It works but is less "secure" for some OpenSSL versions as it can fall back to weak encryption.
mercurial/hgweb/server.py file | annotate | diff | comparison | revisions 
--- a/mercurial/hgweb/server.py	Wed Oct 20 18:15:47 2010 +0530
+++ b/mercurial/hgweb/server.py	Thu Oct 21 03:18:52 2010 +0200
@@ -227,7 +227,7 @@
         except ImportError:
             raise util.Abort(_("SSL support is unavailable"))
         httpserver.socket = ssl.wrap_socket(httpserver.socket, server_side=True,
-            certfile=ssl_cert, ssl_version=ssl.PROTOCOL_SSLv3)
+            certfile=ssl_cert, ssl_version=ssl.PROTOCOL_SSLv23)
 
     def setup(self):
         self.connection = self.request
hg-stable