comparison mercurial/hgweb/server.py @ 23070:c289fb3624b8 stable

hgweb: disable SSLv3 serving (BC) Because of recent attacks[0] on SSLv3, let's just drop support entirely. 0: http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
author Augie Fackler <raf@durin42.com>
date Tue, 21 Oct 2014 17:09:37 -0400
parents ca970d6acedb
children dc4d2cd3aa3e
23069:22db405536be 23070:c289fb3624b8
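--- a/mercurial/hgweb/server.py
+++ b/mercurial/hgweb/server.py
@@ -206,11 +206,11 @@
 try:
 import OpenSSL
 OpenSSL.SSL.Context
 except ImportError:
 raise util.Abort(_("SSL support is unavailable"))
-ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
+ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
 ctx.use_privatekey_file(ssl_cert)
 ctx.use_certificate_file(ssl_cert)
 sock = socket.socket(httpserver.address_family, httpserver.socket_type)
 httpserver.socket = OpenSSL.SSL.Connection(ctx, sock)
 httpserver.server_bind()
@@ -247,12 +247,13 @@
 try:
 import ssl
 ssl.wrap_socket
 except ImportError:
 raise util.Abort(_("SSL support is unavailable"))
-httpserver.socket = ssl.wrap_socket(httpserver.socket, server_side=True,
-certfile=ssl_cert, ssl_version=ssl.PROTOCOL_SSLv23)
+httpserver.socket = ssl.wrap_socket(
+httpserver.socket, server_side=True,
+certfile=ssl_cert, ssl_version=ssl.PROTOCOL_TLSv1)
 
 def setup(self):
 self.connection = self.request
 self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
 self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)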
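Review bot: Both replacements pin the server to TLS 1.0 exactly: `OpenSSL.SSL.TLSv1_METHOD` in the `OpenSSL.SSL.Context(...)` call and `ssl.PROTOCOL_TLSv1` in the `ssl.wrap_socket(...)` call select that single version, so clients can no longer negotiate TLS 1.1 or 1.2 even where the linked OpenSSL supports them. On the pyOpenSSL path the negotiating method can be kept and the old protocols switched off instead, i.e. leave `SSLv23_METHOD` and add `ctx.set_options(OpenSSL.SSL.OP_NO_SSLv2 | OpenSSL.SSL.OP_NO_SSLv3)` after the context is created. `ssl.wrap_socket` takes no options argument, so the stdlib path can only do the same where `ssl.SSLContext` and `ssl.OP_NO_SSLv3` are available; if the supported Python versions lack them, a comment such as `# TLSv1 only: wrap_socket cannot disable SSLv3 while still negotiating newer TLS` would record the limitation. Both enclosing functions start outside the lines shown here.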