Comments
Patch
@@ -7,7 +7,9 @@
== Backwards Compatibility Changes ==
* Mercurial now requires at least Python 2.7.9 or a Python version that
- backported modern SSL/TLS features (as defined in PEP 466).
+ backported modern SSL/TLS features (as defined in PEP 466), and that Python
+ was compiled against a OpenSSL version supporting TLS 1.1 or TLS 1.2
+ (likely this requires the OpenSSL version to be at least 1.0.1).
== Internal API Changes ==
@@ -98,6 +98,23 @@ features.
printf(error, file=sys.stderr)
sys.exit(1)
+_notset = object()
+has_tlsv1_1 = getattr(ssl, 'HAS_TLSv1_1', _notset)
+if has_tlsv1_1 is _notset:
+ has_tlsv1_1 = getattr(ssl, 'PROTOCOL_TLSv1_1', _notset) is not _notset
+has_tlsv1_2 = getattr(ssl, 'HAS_TLSv1_2', _notset)
+if has_tlsv1_2 is _notset:
+ has_tlsv1_2 = getattr(ssl, 'PROTOCOL_TLSv1_2', _notset) is not _notset
+if not (has_tlsv1_1 or has_tlsv1_2):
+ error = """
+The `ssl` module does not advertise support for TLS 1.1 or TLS 1.2.
+Please make sure that your Python installation was compiled against an OpenSSL
+version enabling these features (likely this requires the OpenSSL version to
+be at least 1.0.1).
+"""
+ printf(error, file=sys.stderr)
+ sys.exit(1)
+
if sys.version_info[0] >= 3:
DYLIB_SUFFIX = sysconfig.get_config_vars()['EXT_SUFFIX']
else: