From: Debian Python Team <team+python@tracker.debian.org>
Date: Tue, 7 Jun 2022 18:53:46 +0000 (+0100)
Subject: _test__override_default_cipher_selection_when_connecting_to_TLS_1_0_1_1_servers
X-Git-Tag: archive/raspbian/6.1.3-1+rpi1^2~11
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=20f0cc082ed66f8db7c50e6b19c3c3ae08f08dd7;p=mercurial.git

_test__override_default_cipher_selection_when_connecting_to_TLS_1_0_1_1_servers

# HG changeset patch
# User Julien Cristau <jcristau@debian.org>
# Date 1649507297 -7200
#      Sat Apr 09 14:28:17 2022 +0200
# Node ID 41f738aed141d3a29c5ed5d33a9e79cad15b0669
# Parent  c871c4fbc94f88e8c78a6bd4ece15d239cbdea10
test: override default cipher selection when connecting to TLS 1.0/1.1 servers

The default set of ciphers on python 3.10 is incompatible with old TLS
versions.

Differential Revision: https://phab.mercurial-scm.org/D12490


Gbp-Pq: Topic py310
Gbp-Pq: Name 5_test__override_default_cipher_selection_when_connecting_to_TLS_1_0_1_1_servers.patch
---

diff --git a/tests/test-https.t b/tests/test-https.t
index 8070f72..9cd28de 100644
--- a/tests/test-https.t
+++ b/tests/test-https.t
@@ -361,9 +361,9 @@ Start servers running supported TLS versions
 
 Clients talking same TLS versions work
 
-  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 id https://localhost:$HGPORT/
+  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.0 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT/
   5fed3813f7f5
-  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 id https://localhost:$HGPORT1/
+  $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.1 --config hostsecurity.ciphers=DEFAULT id https://localhost:$HGPORT1/
   5fed3813f7f5
   $ P="$CERTSDIR" hg --config hostsecurity.minimumprotocol=tls1.2 id https://localhost:$HGPORT2/
   5fed3813f7f5
@@ -405,6 +405,7 @@ Clients requiring newer TLS version than what server supports fail
 The per-host config option overrides the default
 
   $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
+  > --config hostsecurity.ciphers=DEFAULT \
   > --config hostsecurity.minimumprotocol=tls1.2 \
   > --config hostsecurity.localhost:minimumprotocol=tls1.0
   5fed3813f7f5