Mercurial Mercurial > hg / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: force SSLv3 on Python 2.6 and later (issue3905) stable
authorAugie Fackler <raf@durin42.com>
Wed, 24 Jul 2013 14:51:13 -0400
branchstable
changeset 19490 074bd02352c0
parent 19489 42fcb2f7787d
child 19491 e111d5e6bbbd
sslutil: force SSLv3 on Python 2.6 and later (issue3905) We can't (easily) force SSL version on older Pythons, but on 2.6 and later we can force SSLv3, which is safer and widely supported. This also appears to work around a bug in IIS detailed in issue 3905.
mercurial/sslutil.py file | annotate | diff | comparison | revisions 
--- a/mercurial/sslutil.py	Wed Jul 24 14:45:29 2013 -0400
+++ b/mercurial/sslutil.py	Wed Jul 24 14:51:13 2013 -0400
@@ -17,7 +17,8 @@
     def ssl_wrap_socket(sock, keyfile, certfile,
                 cert_reqs=ssl.CERT_NONE, ca_certs=None):
         sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
-                cert_reqs=cert_reqs, ca_certs=ca_certs)
+                cert_reqs=cert_reqs, ca_certs=ca_certs,
+                ssl_version=ssl.PROTOCOL_SSLv3)
         # check if wrap_socket failed silently because socket had been closed
         # - see http://bugs.python.org/issue13721
         if not sslsocket.cipher():
Mercurial