Closed Bug 1291241 Opened 8 years ago Closed 8 years ago

mercurial 3.9 issue warning connecting to hg.mozilla.org - warning: connecting to hg.mozilla.org using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info

Categories

(Developer Services :: Mercurial: hg.mozilla.org, defect)

Product:
Developer Services
Component:
Mercurial: hg.mozilla.org
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: cbook, Unassigned)

References

Details

just upgraded mercurial on mac via brew to 3.9 and get warning: connecting to hg.mozilla.org using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info

when pulling or pushing to the trees
Did you read the section on https://mercurial-scm.org/wiki/SecureConnections describing this error?
Flags: needinfo?(cbook)
the mbp here has python 2.7.12 via brew and also the latest mercurial (updated today) 

Python 2.7.12 (default, Jul 11 2016, 10:13:31) 
[GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> dir(ssl)
['AF_INET', 'ALERT_DESCRIPTION_ACCESS_DENIED', 'ALERT_DESCRIPTION_BAD_CERTIFICATE', 'ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE', 'ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE', 'ALERT_DESCRIPTION_BAD_RECORD_MAC', 'ALERT_DESCRIPTION_CERTIFICATE_EXPIRED', 'ALERT_DESCRIPTION_CERTIFICATE_REVOKED', 'ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN', 'ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE', 'ALERT_DESCRIPTION_CLOSE_NOTIFY', 'ALERT_DESCRIPTION_DECODE_ERROR', 'ALERT_DESCRIPTION_DECOMPRESSION_FAILURE', 'ALERT_DESCRIPTION_DECRYPT_ERROR', 'ALERT_DESCRIPTION_HANDSHAKE_FAILURE', 'ALERT_DESCRIPTION_ILLEGAL_PARAMETER', 'ALERT_DESCRIPTION_INSUFFICIENT_SECURITY', 'ALERT_DESCRIPTION_INTERNAL_ERROR', 'ALERT_DESCRIPTION_NO_RENEGOTIATION', 'ALERT_DESCRIPTION_PROTOCOL_VERSION', 'ALERT_DESCRIPTION_RECORD_OVERFLOW', 'ALERT_DESCRIPTION_UNEXPECTED_MESSAGE', 'ALERT_DESCRIPTION_UNKNOWN_CA', 'ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY', 'ALERT_DESCRIPTION_UNRECOGNIZED_NAME', 'ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE', 'ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION', 'ALERT_DESCRIPTION_USER_CANCELLED', 'CERT_NONE', 'CERT_OPTIONAL', 'CERT_REQUIRED', 'CHANNEL_BINDING_TYPES', 'CertificateError', 'DER_cert_to_PEM_cert', 'DefaultVerifyPaths', 'HAS_ALPN', 'HAS_ECDH', 'HAS_NPN', 'HAS_SNI', 'OPENSSL_VERSION', 'OPENSSL_VERSION_INFO', 'OPENSSL_VERSION_NUMBER', 'OP_ALL', 'OP_CIPHER_SERVER_PREFERENCE', 'OP_NO_COMPRESSION', 'OP_NO_SSLv2', 'OP_NO_SSLv3', 'OP_NO_TLSv1', 'OP_NO_TLSv1_1', 'OP_NO_TLSv1_2', 'OP_SINGLE_DH_USE', 'OP_SINGLE_ECDH_USE', 'PEM_FOOTER', 'PEM_HEADER', 'PEM_cert_to_DER_cert', 'PROTOCOL_SSLv23', 'PROTOCOL_SSLv3', 'PROTOCOL_TLSv1', 'PROTOCOL_TLSv1_1', 'PROTOCOL_TLSv1_2', 'Purpose', 'RAND_add', 'RAND_egd', 'RAND_status', 'SOCK_STREAM', 'SOL_SOCKET', 'SO_TYPE', 'SSLContext', 'SSLEOFError', 'SSLError', 'SSLSocket', 'SSLSyscallError', 'SSLWantReadError', 'SSLWantWriteError', 'SSLZeroReturnError', 'SSL_ERROR_EOF', 'SSL_ERROR_INVALID_ERROR_CODE', 'SSL_ERROR_SSL', 'SSL_ERROR_SYSCALL', 'SSL_ERROR_WANT_CONNECT', 'SSL_ERROR_WANT_READ', 'SSL_ERROR_WANT_WRITE', 'SSL_ERROR_WANT_X509_LOOKUP', 'SSL_ERROR_ZERO_RETURN', 'VERIFY_CRL_CHECK_CHAIN', 'VERIFY_CRL_CHECK_LEAF', 'VERIFY_DEFAULT', 'VERIFY_X509_STRICT', 'VERIFY_X509_TRUSTED_FIRST', '_ASN1Object', '_DEFAULT_CIPHERS', '_OPENSSL_API_VERSION', '_PROTOCOL_NAMES', '_RESTRICTED_SERVER_CIPHERS', '_SSLContext', '_SSLv2_IF_EXISTS', '__builtins__', '__doc__', '__file__', '__name__', '__package__', '_create_default_https_context', '_create_stdlib_context', '_create_unverified_context', '_delegate_methods', '_dnsname_match', '_fileobject', '_get_https_context_factory', '_https_verify_certificates', '_https_verify_envvar', '_import_symbols', '_nid2obj', '_ssl', '_txt2obj', 'base64', 'cert_time_to_seconds', 'closing', 'create_connection', 'create_default_context', 'errno', 'get_default_verify_paths', 'get_protocol_name', 'get_server_certificate', 'match_hostname', 'namedtuple', 'os', 're', 'socket', 'socket_error', 'sslwrap_simple', 'sys', 'textwrap', 'warnings', 'wrap_socket']
>>>
Flags: needinfo?(cbook)
This is a bug in homebrew's Mercurial package: they are using the system Python (/usr/bin/python) in hg's shebang.

Apple's Python doesn't support TLS 1.1 or 1.2. Homebrew should change their packaging to use Homebrew's Python, which does support modern crypto.

I'll raise this upstream.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.