comparison tests/test-https.t @ 29617:2960ceee1948 stable

sslutil: allow TLS 1.0 when --insecure is used

--insecure is our pseudo-supported footgun for disabling connection security. The flag already disables CA verification. I think allowing the use of TLS 1.0 when specified is appropriate.
author Gregory Szorc <gregory.szorc@gmail.com>
date Tue, 19 Jul 2016 20:16:51 -0700
parents 3fde328d0913
children 53e80179bd6a
comparison
29616:3fde328d0913 29617:2960ceee1948
484 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/ 484 $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/
485 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error) 485 (could not negotiate a common protocol; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error)
486 abort: error: *unsupported protocol* (glob) 486 abort: error: *unsupported protocol* (glob)
487 [255] 487 [255]
488 488
489 --insecure will allow TLS 1.0 connections and override configs
490
491 $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/
492 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
493 5fed3813f7f5
494
489 The per-host config option overrides the default 495 The per-host config option overrides the default
490 496
491 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \ 497 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
492 > --config hostsecurity.minimumprotocol=tls1.2 \ 498 > --config hostsecurity.minimumprotocol=tls1.2 \
493 > --config hostsecurity.localhost:minimumprotocol=tls1.0 499 > --config hostsecurity.localhost:minimumprotocol=tls1.0
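Review bot: The inserted case at new lines 489-493 only exercises the global `hostsecurity.minimumprotocol=tls1.2` setting, although its heading says --insecure will "override configs". Consider adding a second invocation that passes `--config hostsecurity.localhost:minimumprotocol=tls1.2` together with `--insecure`, so the per-host form (which the following test shows taking precedence over the default) is covered too. The expected output is the generic "connection security to localhost is disabled" warning and says nothing about the protocol floor dropping to TLS 1.0; if that is intended, a one-line comment in the test noting that this warning is the only signal of the downgrade would help later readers.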