James O'Cull added the comment:

We have more information on this bug here. It's SSL v2 related when pushing to IIS.

http://stackoverflow.com/a/16486104/97964

Here's a paste from the StackOverflow answer:

        I found a few ways of dealing with this issue:

        To fix this server-side in IIS, download and install https://www.nartac.com/Products/IISCrypto/Default.aspx and click the BEAST button, or force SSL3.0 by disabling other protocols.

        If you don't have access to the IIS server, you can fix it by rolling back Python to version 2.7.2 or earlier.

        If you are adventurous, you can modify the mercurial source in sslutil.py, near the top, change the line

        sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
                                cert_reqs=cert_reqs, ca_certs=ca_certs)

        to

        from _ssl import PROTOCOL_SSLv3
        sslsocket = ssl.wrap_socket(sock, keyfile, certfile,
                                cert_reqs=cert_reqs, ca_certs=ca_certs,
                                ssl_version=PROTOCOL_SSLv3)

        This will work around the problem and fix the push limit to mercurial behind IIS.

        If you are interested in why Python 2.7.3 broke this, look at http://bugs.python.org/issue13885 for the explanation (it is security-related). If you want to modify Python itself, in Modules/_ssl.c change the line

        SSL_CTX_set_options(self->ctx,
                            SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);

        back to how it was prior to 2.7.3:

        SSL_CTX_set_options(self->ctx, SSL_OP_ALL);

        Compile and reinstall python, etc. This adds more SSL compatibility at the expense of potential security risks, if I understand the OpenSSL docs correctly.

----------
nosy: +James.O'Cull

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue17948>
_______________________________________