Control: tags -1 + upstream jessie Hi Mathias,
On Wed, May 06, 2015 at 10:28:17PM +0000, Mathias Gibbens wrote: > Package: mercurial > Version: 3.1.2-2 > Severity: normal > > Dear Maintainer, > > Cloning a mercurial repository over https is unexpectedly failing. > However, using version 3.4-1 from unstable works as expected. > > * What led up to the situation? > > I tried to clone an existing personal mercurial repository from a new > jessie install. When I do, I get this error: > > $ hg clone https://hg.calenhad.com/foobar > abort: error: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert > protocol version (_ssl.c:581) > > However, this works just fine on a wheezy system: > > $ hg clone https://hg.calenhad.com/foobar > destination directory: foobar > no changes found > updating to branch default > 0 files updated, 0 files merged, 0 files removed, 0 files unresolved > > The server I am trying to clone from only supports TLSv1.2 and the more > recent DHE/ECDHE ciphers. You can view its ssllabs report at > https://www.ssllabs.com/ssltest/analyze.html?d=hg.calenhad.com > > * What exactly did you do (or not do) that was effective (or > ineffective)? > > I thought this might be caused by my server using SNI for multiple https > virtual hosts, but including the "--insecure" option when cloning had no > effect. Hmmm, I think this is a duplicate of #769761: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769761 I'm not marking it as a duplicate yet because I haven't had time to read the bug report fully. If you think it is, feel free to merge them. > I also tried enabling SSLv3, TLSv1, and TLSv1.1 in addition to TLSv1.2 > on my webserver, but I still get the same error. > > I installed mercurial 3.4-1 from the unstable repository, and the clone > worked properly. So somewhere between 3.1.2-2 and 3.4-1 this problem was > resolved. I looked in the changelog for the package and don't see > anything specifically related to this problem. You can get most of the versions in between from snapshots: http://snapshot.debian.org/package/mercurial/ > I'm not sure where to look to compare changes in mercurial between > 3.1.2-2 and 3.4-1. I'm happy to provide feedback or try configuration > changes. Feel free to run my clone command above -- the repository is an > empty one created for testing purposes. Many thanks for the test repository. If this is #769761, there's a patch from upstream that can be backported to 3.1.2-2 to fix it. I probably won't have time to work on this until the end of the month. Can you keep that repository around for a month or so? Thanks, Javi
signature.asc
Description: Digital signature
