Antoine Pitrou added the comment:

Thank you for pointing this out. I am frankly shocked that IIS would default to 
SSLv2 (an obsolete and insecure version of the protocol), while Python's (and 
certainly Mercurial's) default settings allow for higher protocol versions.

> If you are interested in why Python 2.7.3 broke this, look at
> http://bugs.python.org/issue13885 for the explanation (it is
> security-related).

Indeed, it is a security fix. I have no desire to undo this change, which means 
things may get a bit painful with IIS apparently.

One way to deal with it may be to detect IIS after the first wrap_socket() 
(through an HTTP header in the response?) and then re-issue a wrap_socket() 
with IIS-specific parameters.

(forcing SSLv3 as the client protocol isn't terrific, since TLSv1 is AFAIR 
supposed to have improved security)

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue17948>
_______________________________________