@@ -427,73 +427,37 @@ def wrapsocket(sock, keyfile, certfile,
# TLS 1.1+ and the server only supports TLS 1.0. Whatever the
# reason, try to emit an actionable warning.
if e.reason == 'UNSUPPORTED_PROTOCOL':
- # We attempted TLS 1.0+.
- if settings[b'protocolui'] == b'tls1.0':
- # We support more than just TLS 1.0+. If this happens,
- # the likely scenario is either the client or the server
- # is really old. (e.g. server doesn't support TLS 1.0+ or
- # client doesn't support modern TLS versions introduced
- # several years from when this comment was written).
- if supportedprotocols != {b'tls1.0'}:
- ui.warn(
- _(
- b'(could not communicate with %s using security '
- b'protocols %s; if you are using a modern Mercurial '
- b'version, consider contacting the operator of this '
- b'server; see '
- b'https://mercurial-scm.org/wiki/SecureConnections '
- b'for more info)\n'
- )
- % (
- pycompat.bytesurl(serverhostname),
- b', '.join(sorted(supportedprotocols)),
- )
- )
- else:
- ui.warn(
- _(
- b'(could not communicate with %s using TLS 1.0; the '
- b'likely cause of this is the server no longer '
- b'supports TLS 1.0 because it has known security '
- b'vulnerabilities; see '
- b'https://mercurial-scm.org/wiki/SecureConnections '
- b'for more info)\n'
- )
- % pycompat.bytesurl(serverhostname)
- )
- else:
- # We attempted TLS 1.1+. We can only get here if the client
- # supports the configured protocol. So the likely reason is
- # the client wants better security than the server can
- # offer.
- ui.warn(
- _(
- b'(could not negotiate a common security protocol (%s+) '
- b'with %s; the likely cause is Mercurial is configured '
- b'to be more secure than the server can support)\n'
- )
- % (
- settings[b'protocolui'],
- pycompat.bytesurl(serverhostname),
- )
+ # We can only get here if the client supports the configured
+ # protocol. So the likely reason is the client wants better
+ # security than the server can offer.
+ ui.warn(
+ _(
+ b'(could not negotiate a common security protocol (%s+) '
+ b'with %s; the likely cause is Mercurial is configured '
+ b'to be more secure than the server can support)\n'
+ )
+ % (
+ settings[b'protocolui'],
+ pycompat.bytesurl(serverhostname),
)
- ui.warn(
- _(
- b'(consider contacting the operator of this '
- b'server and ask them to support modern TLS '
- b'protocol versions; or, set '
- b'hostsecurity.%s:minimumprotocol=tls1.0 to allow '
- b'use of legacy, less secure protocols when '
- b'communicating with this server)\n'
- )
- % pycompat.bytesurl(serverhostname)
+ )
+ ui.warn(
+ _(
+ b'(consider contacting the operator of this '
+ b'server and ask them to support modern TLS '
+ b'protocol versions; or, set '
+ b'hostsecurity.%s:minimumprotocol=tls1.0 to allow '
+ b'use of legacy, less secure protocols when '
+ b'communicating with this server)\n'
)
- ui.warn(
- _(
- b'(see https://mercurial-scm.org/wiki/SecureConnections '
- b'for more info)\n'
- )
+ % pycompat.bytesurl(serverhostname)
+ )
+ ui.warn(
+ _(
+ b'(see https://mercurial-scm.org/wiki/SecureConnections '
+ b'for more info)\n'
)
+ )
elif e.reason == 'CERTIFICATE_VERIFY_FAILED' and pycompat.iswindows: