Mercurial > hg-stable
changeset 44950:abcd6db1f2cc
sslutil: don't set minimum TLS version to 1.0 if 1.2 but not 1.1 is available
This case isn't very likely, but possible, especially if supportedprotocols
gets fixed to contain only correct items (see the FIXME above in the file).
author | Manuel Jacob <me@manueljacob.de> |
---|---|
date | Sun, 31 May 2020 11:10:21 +0200 |
parents | 4942c1bdd080 |
children | dd7c4a208a4e |
files | mercurial/sslutil.py |
diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/sslutil.py Sun May 31 11:41:03 2020 +0200 +++ b/mercurial/sslutil.py Sun May 31 11:10:21 2020 +0200 @@ -105,7 +105,7 @@ # We default to TLS 1.1+ where we can because TLS 1.0 has known # vulnerabilities (like BEAST and POODLE). We allow users to downgrade to # TLS 1.0+ via config options in case a legacy server is encountered. - if b'tls1.1' in supportedprotocols: + if supportedprotocols - {b'tls1.0'}: defaultminimumprotocol = b'tls1.1' else: # Let people know they are borderline secure.