diff tests/test-https.t @ 29617:2960ceee1948 stable

sslutil: allow TLS 1.0 when --insecure is used

--insecure is our pseudo-supported footgun for disabling connection security. The flag already disables CA verification. I think allowing the use of TLS 1.0 when specified is appropriate.
author Gregory Szorc <gregory.szorc@gmail.com>
date Tue, 19 Jul 2016 20:16:51 -0700
parents 3fde328d0913
children 53e80179bd6a
--- a/tests/test-https.t	Tue Jul 19 19:57:34 2016 -0700
+++ b/tests/test-https.t	Tue Jul 19 20:16:51 2016 -0700
@@ -486,6 +486,12 @@
   abort: error: *unsupported protocol* (glob)
   [255]
 
+--insecure will allow TLS 1.0 connections and override configs
+
+  $ hg --config hostsecurity.minimumprotocol=tls1.2 id --insecure https://localhost:$HGPORT1/
+  warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
+  5fed3813f7f5
+
 The per-host config option overrides the default
 
   $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
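Review bot: The added case only exercises the global setting (`--config hostsecurity.minimumprotocol=tls1.2`), while its description line says --insecure will "override configs", and the context line that follows shows a per-host option also exists. Consider adding a second invocation that sets the per-host minimum protocol for localhost together with --insecure, so the test pins down that the flag wins over both forms. The hunk also does not show which protocol the server on $HGPORT1 speaks; a short description line naming it would let a reader confirm that the command really negotiates below the configured tls1.2 minimum. Finally, the expected warning says only that connection security is disabled; if the protocol floor is being lowered as well as CA verification, it is worth checking that the message or the --insecure help text says so, since users who pin minimumprotocol may not expect the flag to undo it.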