Travis CI Linux Build Environments can't clone from BitBucket anymore (mercurial)

build-env

#1

Travis CI Linux Environments are unable to clone mercurial repositories from bitbucket.org, since they’ve disabled support for TLS 1.0 and 1.1 and the mercurial clients in the Linux Environment are not up to date enough.

https://bitbucket.org/blog/deprecating-tlsv1-tlsv1-1-2018-12-01
https://www.mercurial-scm.org/wiki/SecureConnections

warning: connecting to bitbucket.org using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
(using CA certificates from /etc/ssl/certs/ca-certificates.crt; if you see this message, your Mercurial install is not properly configured; see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this message)
abort: error: _ssl.c:510: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Link to an actual failure: https://travis-ci.org/pypa/pip/jobs/462231808


#3

Try using Xenial, please.


#4

That works! Thanks! I’ll get us moved over.

Is the general recommendation to move to xenial? Any ETA on trusty support dying?


#5

According to https://stackoverflow.com/questions/37852472/how-to-support-tls-1-1-1-2-for-python-2-7 and https://bitbucket.org/blog/deprecating-tlsv1-tlsv1-1-2018-12-01 , only Python 2.7.9+ supports TLS 1.2, and Trusty ships with 2.7.5. Moreover, it ships with openssl1.0.1f which has the Heartbleed bug (for one-off VMs behind a NAT it’s not a very big deal, but it probably incites other people to keep supporting this vulnerable Ubuntu version).

So it’s probably a wise move to drop support.