curl-library

[PATCH] winssl: improved default SSL/TLS protocol selection

From: Marc Hoersken <info_at_marc-hoersken.de>
Date: Sun, 19 Jan 2014 14:13:21 +0100

For some reason Windows 7 SP1 chooses TLS 1.0 instead of TLS 1.2
if it is not explicitly enabled within grbitEnabledProtocols.

More information can be found on MSDN:
http://msdn.microsoft.com/library/windows/desktop/aa379810.aspx

---
 lib/vtls/curl_schannel.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/lib/vtls/curl_schannel.c b/lib/vtls/curl_schannel.c
index f932b80..33c9aac 100644
--- a/lib/vtls/curl_schannel.c
+++ b/lib/vtls/curl_schannel.c
@@ -195,6 +195,12 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
       case CURL_SSLVERSION_SSLv2:
         schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT;
         break;
+      default:
+        schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |
+                                              SP_PROT_TLS1_1_CLIENT |
+                                              SP_PROT_TLS1_2_CLIENT |
+                                              SP_PROT_SSL3_CLIENT;
+        break;
     }
 
     /* allocate memory for the re-usable credential handle */
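
Review bot: the new default: mask in schannel_connect_step1 includes SP_PROT_SSL3_CLIENT, so every connection that does not ask for a specific version still offers SSL 3.0 alongside TLS 1.0 through 1.2. If the aim is only to let Windows 7 SP1 negotiate TLS 1.2, consider whether SSL 3.0 belongs in the default set or should be reachable only through an explicit version request. Since default: also catches any value the switch does not list, a short comment above the mask stating why the protocols are spelled out (the commit message says Schannel otherwise picks TLS 1.0 on that platform) would keep the reason next to the code.
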
-- 
1.8.1.msysgit.1
Received on 2001-09-17