Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
RE: Problem adding TLS 1.3 support on curl - schannel on Windows 21H2 preview
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Gilles Vollant via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 29 Apr 2021 18:44:23 +0200
Solution is reading
https://www.microsoft.com/security/blog/2020/08/20/taking-transport-layer-se
curity-tls-to-the-next-level-with-tls-1-3/
https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-scha
nnel_cred
must be replaced by
https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-sch_
credentials
De : Gilles Vollant <vollant.g_at_gmail.com>
Envoyé : jeudi 29 avril 2021 09:46
À : 'curl-library_at_cool.haxx.se' <curl-library_at_cool.haxx.se>
Objet : Problem adding TLS 1.3 support on curl - schannel on Windows 21H2
preview
Hello,
I have installed Windows 2022 preview (same base than future Windows 10
21H2)
With this version, software that call wininet download use TLS 1.3
Internet explorer 11 (after checking TLS 1.3 in options) also uses TLS 1.3
https://tls13.akamai.io/ website tell TLS_AES_256_GCM_SHA384 cipher is used,
both by internet explorer or a wininet download.
I tried add support of TLS 1.3 on curl schannel, by adding constant
SP_PROT_TLS1_3_CLIENT from current Windows SDK
But when I run
curl https://tls13.akamai.io/ --tlsv1.3
I got error:
schannel: AcquireCredentialsHandle failed: SEC_E_ALGORITHM_MISMATCH
(0x80090331) - The client and server cannot communicate, because they do not
possess a common algorithm.
Any idea?
Regards
Gilles Vollant
https://github.com/gvollant/curl/tree/gv_schannel_tls13
https://github.com/curl/curl/discussions/6958
https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in
-windows-server-2022
https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserve
r
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2021-04-29
Date: Thu, 29 Apr 2021 18:44:23 +0200
Solution is reading
https://www.microsoft.com/security/blog/2020/08/20/taking-transport-layer-se
curity-tls-to-the-next-level-with-tls-1-3/
https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-scha
nnel_cred
must be replaced by
https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-sch_
credentials
De : Gilles Vollant <vollant.g_at_gmail.com>
Envoyé : jeudi 29 avril 2021 09:46
À : 'curl-library_at_cool.haxx.se' <curl-library_at_cool.haxx.se>
Objet : Problem adding TLS 1.3 support on curl - schannel on Windows 21H2
preview
Hello,
I have installed Windows 2022 preview (same base than future Windows 10
21H2)
With this version, software that call wininet download use TLS 1.3
Internet explorer 11 (after checking TLS 1.3 in options) also uses TLS 1.3
https://tls13.akamai.io/ website tell TLS_AES_256_GCM_SHA384 cipher is used,
both by internet explorer or a wininet download.
I tried add support of TLS 1.3 on curl schannel, by adding constant
SP_PROT_TLS1_3_CLIENT from current Windows SDK
But when I run
curl https://tls13.akamai.io/ --tlsv1.3
I got error:
schannel: AcquireCredentialsHandle failed: SEC_E_ALGORITHM_MISMATCH
(0x80090331) - The client and server cannot communicate, because they do not
possess a common algorithm.
Any idea?
Regards
Gilles Vollant
https://github.com/gvollant/curl/tree/gv_schannel_tls13
https://github.com/curl/curl/discussions/6958
https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in
-windows-server-2022
https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserve
r
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2021-04-29