curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Problem adding TLS 1.3 support on curl - schannel on Windows 21H2 preview

From: Gilles Vollant via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 29 Apr 2021 09:45:43 +0200

Hello,

I have installed Windows 2022 preview (same base than future Windows 10
21H2)

 

With this version, software that call wininet download use TLS 1.3

Internet explorer 11 (after checking TLS 1.3 in options) also uses TLS 1.3

https://tls13.akamai.io/ website tell TLS_AES_256_GCM_SHA384 cipher is used,
both by internet explorer or a wininet download.

 

I tried add support of TLS 1.3 on curl schannel, by adding constant
SP_PROT_TLS1_3_CLIENT from current Windows SDK

But when I run

curl https://tls13.akamai.io/ --tlsv1.3

 

I got error:

schannel: AcquireCredentialsHandle failed: SEC_E_ALGORITHM_MISMATCH
(0x80090331) - The client and server cannot communicate, because they do not
possess a common algorithm.

 

 

Any idea?

 

Regards

Gilles Vollant

 

https://github.com/gvollant/curl/tree/gv_schannel_tls13

 

https://github.com/curl/curl/discussions/6958

 

https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in
-windows-server-2022

 

https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserve
r

 



-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2021-04-29