Mercurial > hg
comparison tests/test-https.t @ 29617:2960ceee1948 stable
sslutil: allow TLS 1.0 when --insecure is used
--insecure is our psuedo-supported footgun for disabling connection
security.
The flag already disables CA verification. I think allowing the use of
TLS 1.0 when specified is appropriate.
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Tue, 19 Jul 2016 20:16:51 -0700 |
parents | 3fde328d0913 |
children | 53e80179bd6a |
comparison
equal
deleted
inserted
replaced
29616:3fde328d0913 | 29617:2960ceee1948 |
---|---|
484 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/ | 484 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/ |
485 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) | 485 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) |
486 abort: error: *unsupported protocol* (glob) | 486 abort: error: *unsupported protocol* (glob) |
487 [255] | 487 [255] |
488 | 488 |
489 --insecure will allow TLS 1.0 connections and override configs | |
490 | |
491 $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/ | |
492 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering | |
493 5fed3813f7f5 | |
494 | |
489 The per-host config option overrides the default | 495 The per-host config option overrides the default |
490 | 496 |
491 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ | 497 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ |
492 > --config hostsecurity.minimumprotocol=tls1.2 \ | 498 > --config hostsecurity.minimumprotocol=tls1.2 \ |
493 > --config hostsecurity.localhost:minimumprotocol=tls1.0 | 499 > --config hostsecurity.localhost:minimumprotocol=tls1.0 |