This is an archive of the discontinued Mercurial Phabricator instance.

sslutil: be less strict about which ciphers are allowed when using --insecure
Closed, Public

Authored by jcristau on Apr 9 2022, 8:44 AM.

Details

Summary

Python 3.10 restricted which ciphers are enabled by default, leading to
no available ciphers for TLS < 1.2. When using the --insecure flag we
allow old TLS, so also adjust the cipher list to give connections a
chance to work.

On the server side, also loosen the cipher selection in tests (when
using the devel.serverexactprotocol option).

Diff Detail

Repository: rHG Mercurial
Lint: Automatic diff as part of commit; lint not applicable.
Unit: Automatic diff as part of commit; unit tests not applicable.
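
The effect the summary describes can be checked locally with the added example below, which is not part of the original commit or of Mercurial's code. It counts the enabled cipher suites that can negotiate below TLS 1.2 on a default client context and on one loosened only after an explicit opt-in. Assumptions: the OpenSSL cipher string `DEFAULT:@SECLEVEL=0` (the page does not show the string the change uses) and the hypothetical helper names `legacy_suites` and `make_client_context`; the counts depend on the local Python and OpenSSL build.

```python
import ssl

# Labels ssl.SSLContext.get_ciphers() reports for suites usable below TLS 1.2
# (the label is the oldest protocol version a suite can be negotiated with).
LEGACY_LABELS = {"SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}

# Assumption: an OpenSSL cipher string that restores the library's default
# list and lowers the security level to 0. Not taken from the page.
LOOSE_CIPHERS = "DEFAULT:@SECLEVEL=0"


def legacy_suites(ctx):
    """Return the names of enabled suites that can negotiate below TLS 1.2."""
    return sorted(
        c["name"] for c in ctx.get_ciphers() if c["protocol"] in LEGACY_LABELS
    )


def make_client_context(insecure=False):
    """Hypothetical helper: strict by default, loosened only on opt-in."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if insecure:
        # An --insecure style mode already gives up certificate validation,
        # so the cipher list is widened only on this code path.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        ctx.set_ciphers(LOOSE_CIPHERS)
    return ctx


def compare():
    """Return (strict, loose) lists of legacy suite names for this build."""
    strict = legacy_suites(make_client_context())
    loose = legacy_suites(make_client_context(insecure=True))
    return strict, loose


if __name__ == "__main__":
    strict, loose = compare()
    print(ssl.OPENSSL_VERSION)
    print("legacy suites, default context: ", len(strict))
    print("legacy suites, loosened context:", len(loose))
    for name in loose:
        if name not in strict:
            print("  only when loosened:", name)
```

The default path keeps certificate verification and hostname checking on, which is the property worth asserting in any wrapper that exposes a loosening switch.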