From patchwork Wed May 15 19:32:07 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: httpconnection: force SSLv3 if the ssl module is available
From: Augie Fackler <raf@durin42.com>
X-Patchwork-Id: 1654
Message-Id: <900ab7c23f9ed458a8fc.1368646327@arthedain.pit.corp.google.com>
To: mercurial-devel@selenic.com
Date: Wed, 15 May 2013 15:32:07 -0400

# HG changeset patch
# User Augie Fackler <raf@durin42.com>
# Date 1368646190 14400
#      Wed May 15 15:29:50 2013 -0400
# Branch stable
# Node ID 900ab7c23f9ed458a8fc58ad3db239de8568f87b
# Parent  278057693a1ddb93f95fa641e30e7a966ac98434
httpconnection: force SSLv3 if the ssl module is available

diff --git a/mercurial/httpconnection.py b/mercurial/httpconnection.py
--- a/mercurial/httpconnection.py
+++ b/mercurial/httpconnection.py
@@ -279,6 +279,13 @@
             kwargs['keyfile'] = keyfile
         if certfile:
             kwargs['certfile'] = certfile
+        try:
+            import ssl
+            kwargs['ssl_version'] = ssl.PROTOCOL_SSLv3
+        except ImportError:
+            # Python < 2.6 won't have an ssl module, so we can't force SSLv3.
+            pass
+
 
         kwargs.update(sslutil.sslkwargs(self.ui, host))