sslutil: remove dead code (that failed if only TLS 1.0 is available)
authorManuel Jacob <me@manueljacob.de>
Sun, 31 May 2020 22:31:49 +0200
changeset 44897 941fef7523c7
parent 44896 4dcb2791beab
child 44898 d61c05450b37
sslutil: remove dead code (that failed if only TLS 1.0 is available) We ensure in setup.py that TLS 1.1 or TLS 1.2 is present.
mercurial/sslutil.py
--- a/mercurial/sslutil.py	Sun May 31 00:30:49 2020 +0200
+++ b/mercurial/sslutil.py	Sun May 31 22:31:49 2020 +0200
@@ -250,18 +250,6 @@
     # only (as opposed to multiple versions). So the method for
     # supporting multiple TLS versions is to use PROTOCOL_SSLv23 and
     # disable protocols via SSLContext.options and OP_NO_* constants.
-    if supportedprotocols == {b'tls1.0'}:
-        if minimumprotocol != b'tls1.0':
-            raise error.Abort(
-                _(b'current Python does not support protocol setting %s')
-                % minimumprotocol,
-                hint=_(
-                    b'upgrade Python or disable setting since '
-                    b'only TLS 1.0 is supported'
-                ),
-            )
-
-        return ssl.PROTOCOL_TLSv1, 0
 
     # SSLv2 and SSLv3 are broken. We ban them outright.
     options = ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3