Re: schannel modifications for WinCE 6

From: Daniel Stenberg <>
Date: Thu, 11 Sep 2014 11:14:38 +0200 (CEST)

On Wed, 10 Sep 2014, Ben Sutcliffe wrote:

> I can submit a patch if you guys are interested

Yes thanks, that'd be great! I'm sure there is or will be other interested

> curl_schannel.c: - Explicitly set cipher algorithm to RC4. Whatever the
> default cipher was, it wasn't working unless I was careful to pad my
> messages to presumably the correct block size (?). I'm guessing RC4 works
> since it's a stream cipher instead of a block cipher...but I don't know much
> about crypto. Not sure how secure RC4 is; maybe there's a better
> alternative.

RC4 is insecure. To the point where we've stopped using it in general, and it
is being avoided universally where security and encryption are involved. See

The main problem with completely disabling RC4 all over tends to involve old
Windows installations, see

So, you need to consider the alternatives. RC4 is known to be insecure, but
possibly less bad than what other algorithms you can choose from!

> - Fix an apparent bug in hostname verification for wildcard certs. For *.
> from the cert, it was comparing "" instead of "
> " against the server's hostname

Oh, that's not just for the embedded version then is it? It sounds significant
enough that it is strange that it hasn't already been reported...

> - A few small mods to allow libcurl to build for WinCE 6 (e.g., use
> send()/recv() instead of write()/read()).

What? AFAIK, only minix uses write() and everything else uses send() already
(and all internals do it with swrite() which is a macro that "hides" the real
function being used). Am I wrong?

Received on 2014-09-11
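
An added example, not curl's code and not the patch discussed in this thread: a minimal wildcard certificate-name comparison in C, following the common RFC 6125 rules (the wildcard must be the entire leftmost label and stands for exactly one label). The names `cert_host_matches` and `host_equal` are hypothetical, and the sketch assumes ASCII host names with IP literals handled elsewhere.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive comparison of two NUL-terminated ASCII host names. */
static int host_equal(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Hypothetical helper: returns 1 if the certificate name `pattern` covers
 * `host`, 0 otherwise. Assumption: the caller matches IP-literal hosts
 * against iPAddress entries and never passes them here. */
int cert_host_matches(const char *pattern, const char *host)
{
    const char *suffix, *host_dot;

    if (!pattern || !host || !*pattern || !*host)
        return 0;

    /* No leading "*." label: only an exact, wildcard-free name can match. */
    if (strncmp(pattern, "*.", 2) != 0)
        return strchr(pattern, '*') ? 0 : host_equal(pattern, host);

    suffix = pattern + 1;   /* keep the leading dot of the suffix */

    /* Reject a second wildcard and overly broad patterns such as "*.com":
     * the suffix must contain a dot after its leading one. */
    if (strchr(suffix, '*') || !strchr(suffix + 1, '.'))
        return 0;

    /* The wildcard covers exactly one non-empty label, so everything from
     * the host's first dot onward must equal the suffix. */
    host_dot = strchr(host, '.');
    if (!host_dot || host_dot == host)
        return 0;

    return host_equal(suffix, host_dot);
}
```
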