FYI -- this may explain some issues last week.
---------- Forwarded message ---------- From: Mads Kiilerich firstname.lastname@example.org Date: Mon, Oct 20, 2014 at 2:22 PM Subject: Mercurial & SSL & POODLE, Mercurial 2.7 and 2.7.1 and SSL error: sslv3 alert handshake failure To: "email@example.com" firstname.lastname@example.org
The recent POODLE story has raised the awareness of the problems with old SSL versions. It might make sense to take the opportunity to disable SSLv3 on web servers hosting Mercurial repositories.
Note however that there was a client side bug in Mercurial 2.7 and 2.7.1 that made it use SSLv3 without considering more recent versions. Trying to connect to servers without SSLv3 with these Mercurial versions will fail with something like: abort: error: _ssl.c:507: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure or if using TortoiseHg: SSL error: sslv3 alert handshake failure
The solution is to upgrade Mercurial (or TortoiseHg) to a more recent version.
Mercurial mailing list Mercurial@selenic.com http://selenic.com/mailman/listinfo/mercurial
yt-dev mailing list email@example.com http://lists.spacepope.org/listinfo.cgi/yt-dev-spacepope.org