sslutil: fix comment to use inclusive or instead of exclusive or
The incorrect "either" was introduced by one of my recent patches.
sslutil: propagate return value ssl.PROTOCOL_SSLv23 from protocolsettings()
Also, protocolsettings() was renamed to commonssloptions() to reflect that
only the options are returned.
sslutil: stop storing protocol and options for SSLContext in settings dict
Call protocolsettings() where its return values are needed.
sslutil: rename 'minimumprotocolui' -> 'minimumprotocol'
Before, both 'minimumprotocolui' and 'minimumprotocol' were used, but meaning
the same.
sslutil: properly detect which TLS versions are supported by the ssl module
For the record, I contacted the CPython developers to remark that
unconditionally defining ssl.PROTOCOL_TLSv1_1 / ssl.PROTOCOL_TLSv1_2 is
problematic:
https://github.com/python/cpython/commit/
6e8cda91d92da72800d891b2fc2073ecbc134d98#r
39569316
sslutil: remove dead code (that failed if only TLS 1.0 is available)
We ensure in setup.py that TLS 1.1 or TLS 1.2 is present.
sslutil: remove dead code (that downgraded default minimum TLS version)
We ensure in setup.py that TLS 1.1 or TLS 1.2 is present.
setup: require that Python has TLS 1.1 or TLS 1.2
This ensures that Mercurial never downgrades the minimum TLS version from
TLS 1.1+ to TLS 1.0+ and enables us to remove that compatibility code.
It is reasonable to expect that distributions having Python 2.7.9+ or having
backported modern features to the ssl module (which we require) have a OpenSSL
version supporting TLS 1.1 or TLS 1.2, as this is the main reason why
distributions would want to backport these features.
TLS 1.1 and TLS 1.2 are often either both enabled or both not enabled.
However, both can be disabled independently, at least on current Python /
OpenSSL versions.
For the record, I contacted the CPython developers to remark that
unconditionally defining ssl.PROTOCOL_TLSv1_1 / ssl.PROTOCOL_TLSv1_2 is
problematic:
https://github.com/python/cpython/commit/
6e8cda91d92da72800d891b2fc2073ecbc134d98#r
39569316