[Updated] D12491: sslutil: treat TLSV1_ALERT_PROTOCOL_VERSION error the same as UNSUPPORTED_PROTOCOL

jcristau (Julien Cristau) phabricator at mercurial-scm.org
Tue Apr 12 14:48:15 UTC 2022


Closed by commit rHG71fc7ef1c261: sslutil: treat TLSV1_ALERT_PROTOCOL_VERSION error the same as… (authored by jcristau).
This revision was automatically updated to reflect the committed changes.

REPOSITORY
  rHG Mercurial

CHANGES SINCE LAST UPDATE
  https://phab.mercurial-scm.org/D12491?vs=32997&id=33021

CHANGES SINCE LAST ACTION
  https://phab.mercurial-scm.org/D12491/new/

REVISION DETAIL
  https://phab.mercurial-scm.org/D12491

AFFECTED FILES
  mercurial/sslutil.py
  tests/test-https.t

CHANGE DETAILS

diff --git a/tests/test-https.t b/tests/test-https.t
--- a/tests/test-https.t
+++ b/tests/test-https.t
@@ -374,26 +374,26 @@
   (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
   (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
   (see https://mercurial-scm.org/wiki/SecureConnections for more info)
-  abort: error: .*(unsupported protocol|wrong ssl version).* (re)
+  abort: error: .*(unsupported protocol|wrong ssl version|alert protocol version).* (re)
   [100]
 
   $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT/
   (could not negotiate a common security protocol (tls1.1+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
   (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
   (see https://mercurial-scm.org/wiki/SecureConnections for more info)
-  abort: error: .*(unsupported protocol|wrong ssl version).* (re)
+  abort: error: .*(unsupported protocol|wrong ssl version|alert protocol version).* (re)
   [100]
   $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT/
   (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
   (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
   (see https://mercurial-scm.org/wiki/SecureConnections for more info)
-  abort: error: .*(unsupported protocol|wrong ssl version).* (re)
+  abort: error: .*(unsupported protocol|wrong ssl version|alert protocol version).* (re)
   [100]
   $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT1/
   (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
   (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
   (see https://mercurial-scm.org/wiki/SecureConnections for more info)
-  abort: error: .*(unsupported protocol|wrong ssl version).* (re)
+  abort: error: .*(unsupported protocol|wrong ssl version|alert protocol version).* (re)
   [100]
 
 --insecure will allow TLS 1.0 connections and override configs
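Review bot: the expected abort line, changed in four places in this hunk, is now a three-way alternation wrapped in `.*`, and nothing in the test says which condition yields `alert protocol version` rather than `unsupported protocol` or `wrong ssl version`. A short comment above the first of these commands, naming when each message appears, would let a later reader tell when an alternative can be dropped and would make it obvious that the test accepts any of the three by design.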
@@ -417,7 +417,7 @@
   (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
   (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
   (see https://mercurial-scm.org/wiki/SecureConnections for more info)
-  abort: error: .*(unsupported protocol|wrong ssl version).* (re)
+  abort: error: .*(unsupported protocol|wrong ssl version|alert protocol version).* (re)
   [100]
 
 .hg/hgrc file [hostsecurity] settings are applied to remote ui instances (issue5305)
@@ -430,7 +430,7 @@
   (could not negotiate a common security protocol (tls1.2+) with localhost; the likely cause is Mercurial is configured to be more secure than the server can support)
   (consider contacting the operator of this server and ask them to support modern TLS protocol versions; or, set hostsecurity.localhost:minimumprotocol=tls1.0 to allow use of legacy, less secure protocols when communicating with this server)
   (see https://mercurial-scm.org/wiki/SecureConnections for more info)
-  abort: error: .*(unsupported protocol|wrong ssl version).* (re)
+  abort: error: .*(unsupported protocol|wrong ssl version|alert protocol version).* (re)
   [100]
 
   $ killdaemons.py hg0.pid
diff --git a/mercurial/sslutil.py b/mercurial/sslutil.py
--- a/mercurial/sslutil.py
+++ b/mercurial/sslutil.py
@@ -418,7 +418,7 @@
             # outright. Hopefully the reason for this error is that we require
             # TLS 1.1+ and the server only supports TLS 1.0. Whatever the
             # reason, try to emit an actionable warning.
-            if e.reason == 'UNSUPPORTED_PROTOCOL':
+            if e.reason in ('UNSUPPORTED_PROTOCOL', 'TLSV1_ALERT_PROTOCOL_VERSION'):
                 # We attempted TLS 1.0+.
                 if settings[b'minimumprotocol'] == b'tls1.0':
                     # We support more than just TLS 1.0+. If this happens,
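Review bot: the comment above the changed `if` still gives the hoped-for cause as "we require TLS 1.1+ and the server only supports TLS 1.0", but `TLSV1_ALERT_PROTOCOL_VERSION` is an alert sent by the peer, and a server can also send it when it rejects the versions the client offered as too old. In that case the "more secure than the server can support" hint printed by this branch points the user in the wrong direction. Please extend the comment to say that the alert is handled as the same negotiation failure and why that is safe to assume here. The new condition line is also 84 columns wide; wrapping the tuple over several lines would keep it consistent with the surrounding code.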



To: jcristau, #hg-reviewers, Alphare
Cc: mercurial-patches