Patchwork [2,of,6,V6] sslutil: prevent CRIME

mail settings
Submitter Gregory Szorc
Date July 16, 2016, 5:18 a.m.
Message ID <da2cb958a05e73864687.1468646325@ubuntu-vm-main>
Download mbox | patch
Permalink /patch/15900/
State Superseded
Headers show


Gregory Szorc - July 16, 2016, 5:18 a.m.
# HG changeset patch
# User Gregory Szorc <>
# Date 1468552030 25200
#      Thu Jul 14 20:07:10 2016 -0700
# Node ID da2cb958a05e738646878e564ad109cfb478ac13
# Parent  8b135fc9edb73748fbc1329ba63f95a60b8e07a5
sslutil: prevent CRIME

ssl.create_default_context() disables compression on the TLS channel
in order to prevent CRIME. I think we should follow CPython's lead
and attempt to disable channel compression in order to help prevent
information leakage.

Sadly, I don't think there is anything we can do on Python versions
that don't have an SSLContext, as there is no way to set channel
options with the limited ssl API.


diff --git a/mercurial/ b/mercurial/
--- a/mercurial/
+++ b/mercurial/
@@ -150,16 +150,20 @@  def _hostsettings(ui, hostname):
         s['protocol'] = ssl.PROTOCOL_TLSv1
     # SSLv2 and SSLv3 are broken. We ban them outright.
     # WARNING: ctxoptions doesn't have an effect unless the modern ssl module
     # is available. Be careful when adding flags!
     s['ctxoptions'] = OP_NO_SSLv2 | OP_NO_SSLv3
+    # Prevent CRIME.
+    # There is no guarantee this attribute is defined on the module.
+    s['ctxoptions'] |= getattr(ssl, 'OP_NO_COMPRESSION', 0)
     # Look for fingerprints in [hostsecurity] section. Value is a list
     # of <alg>:<fingerprint> strings.
     fingerprints = ui.configlist('hostsecurity', '%s:fingerprints' % hostname,
     for fingerprint in fingerprints:
         if not (fingerprint.startswith(('sha1:', 'sha256:', 'sha512:'))):
             raise error.Abort(_('invalid fingerprint for %s: %s') % (
                                 hostname, fingerprint),