curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Problem adding TLS 1.3 support on curl - schannel on Windows 21H2 preview

From: Geoff Beier via curl-library <>
Date: Thu, 29 Apr 2021 12:55:13 -0400


I pulled your branch and gave it a quick test on current Windows 10. I
saw the same behavior you did.

On Apr 29 2021, at 3:45 am, Gilles Vollant via curl-library
<> wrote:

> I got error:
> schannel: AcquireCredentialsHandle failed: SEC_E_ALGORITHM_MISMATCH
> (0x80090331) - The client and server cannot communicate, because they
> do not possess a common algorithm.

That was happening because TLSv1.3 is disabled by default on my system.

Adding the following to the registry caused it to be enabled:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client]

Once I did that, I ran into a new error:

"schannel: can't renegotiate, encrypted data available."

By commenting out this check:

I was able to proceed and negotiate a TLS 1.3 connection with the akamai server.

I don't know enough about the schannel backend to propose a correct fix,
though, and that is almost certainly not it.

I hope it helps someone who does know enough see where to look next.


Received on 2021-04-29