Patchwork D12490: test: override default cipher selection when connecting to TLS 1.0/1.1 servers

login
register
mail settings
Submitter phabricator
Date April 9, 2022, 12:44 p.m.
Message ID <differential-rev-PHID-DREV-whw4mdf4jyx7q6s3ykj7-req@mercurial-scm.org>
Download mbox | patch
Permalink /patch/50836/
State New
Headers show

Comments

phabricator - April 9, 2022, 12:44 p.m.
jcristau created this revision.
Herald added a reviewer: hg-reviewers.
Herald added a subscriber: mercurial-patches.

REVISION SUMMARY
  The default set of ciphers on python 3.10 is incompatible with old TLS
  versions.

REPOSITORY
  rHG Mercurial

BRANCH
  default

REVISION DETAIL
  https://phab.mercurial-scm.org/D12490

AFFECTED FILES
  tests/test-https.t

CHANGE DETAILS




To: jcristau, #hg-reviewers
Cc: mercurial-patches, mercurial-devel

Patch

diff --git a/tests/test-https.t b/tests/test-https.t
--- a/tests/test-https.t
+++ b/tests/test-https.t
@@ -361,9 +361,9 @@ 
 
 Clients talking same TLS versions work
 
-  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/
+  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT/
   5fed3813f7f5
-  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/
+  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT1/
   5fed3813f7f5
   $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/
   5fed3813f7f5
@@ -405,6 +405,7 @@ 
 The per-host config option overrides the default
 
   $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
+  > --config hostsecurity.ciphers=DEFAULT \
   > --config hostsecurity.minimumprotocol=tls1.2 \
   > --config hostsecurity.localhost:minimumprotocol=tls1.0
   5fed3813f7f5