Mercurial Mercurial > hg-stable / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: don't set minimum TLS version to 1.0 if 1.2 but not 1.1 is available
authorManuel Jacob <me@manueljacob.de>
Sun, 31 May 2020 11:10:21 +0200
changeset 44950 abcd6db1f2cc
parent 44949 4942c1bdd080
child 44951 dd7c4a208a4e
sslutil: don't set minimum TLS version to 1.0 if 1.2 but not 1.1 is available This case isn't very likely, but possible, especially if supportedprotocols gets fixed to contain only correct items (see the FIXME above in the file).
mercurial/sslutil.py file | annotate | diff | comparison | revisions 
--- a/mercurial/sslutil.py	Sun May 31 11:41:03 2020 +0200
+++ b/mercurial/sslutil.py	Sun May 31 11:10:21 2020 +0200
@@ -105,7 +105,7 @@
     # We default to TLS 1.1+ where we can because TLS 1.0 has known
     # vulnerabilities (like BEAST and POODLE). We allow users to downgrade to
     # TLS 1.0+ via config options in case a legacy server is encountered.
-    if b'tls1.1' in supportedprotocols:
+    if supportedprotocols - {b'tls1.0'}:
         defaultminimumprotocol = b'tls1.1'
     else:
         # Let people know they are borderline secure.
hg-stable