# HG changeset patch
# User Manuel Jacob <m...@manueljacob.de>
# Date 1590783568 -7200
# Fri May 29 22:19:28 2020 +0200
# Node ID 38f91fbf3f53237e4f5b7fd382f72cfab5e2c8fd
# Parent 13922e383d20ca51752a2c3bd16429a5b0e30397
# EXP-Topic require_modern_ssl
sslutil: assert that the Python we run on supports TLS 1.1 and TLS 1.2
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -44,13 +44,18 @@ configprotocols = {
 hassni = getattr(ssl, 'HAS_SNI', False)
-# TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled
-# against doesn't support them.
-supportedprotocols = {b'tls1.0'}
-if util.safehasattr(ssl, b'PROTOCOL_TLSv1_1'):
- supportedprotocols.add(b'tls1.1')
-if util.safehasattr(ssl, b'PROTOCOL_TLSv1_2'):
- supportedprotocols.add(b'tls1.2')
+# TLS 1.1 and 1.2 are supported since OpenSSL 1.0.1, released on 2012-03-14.
+# OpenSSL 1.0.0 is EOL since 2015-12-31. It is reasonable to expect that
+# distributions having Python 2.7.9+ or having backported modern features to
+# the ssl module (which we require) have OpenSSL 1.0.1+. To be sure, we assert
+# that support is actually present.
+assert util.safehasattr(ssl, b'PROTOCOL_TLSv1_1')
+assert util.safehasattr(ssl, b'PROTOCOL_TLSv1_2')
+supportedprotocols = {
+ b'tls1.0',
+ b'tls1.1',
+ b'tls1.2',
+}
 def _hostsettings(ui, hostname):
_______________________________________________ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
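Review bot: The two added `assert util.safehasattr(ssl, ...)` lines are the only guard behind the now-unconditional `supportedprotocols` set, and `assert` statements are removed when Python runs with `-O` or `PYTHONOPTIMIZE`, so in that mode the set would list TLS 1.1 and 1.2 without any check having run. An explicit test that raises survives optimisation and can carry a message, for example `if not util.safehasattr(ssl, b'PROTOCOL_TLSv1_2'): raise ImportError('ssl module lacks TLS 1.2 support')`, and likewise for `PROTOCOL_TLSv1_1`. A failing bare assert at import time also leaves the user with a traceback that gives no hint that the Python/OpenSSL build is the cause. The constants show what the ssl module was built against; whether the runtime OpenSSL configuration actually enables these protocols is presumably still only discovered when a connection is made, which the new comment could say.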