aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarc Hoersken <info@marc-hoersken.de>2014-01-19 14:13:21 +0100
committerMarc Hoersken <info@marc-hoersken.de>2014-01-31 20:01:25 +0100
commit82f558366f7db6de5fef2e7d02c0d3a7a4bc4057 (patch)
tree97f3e3fce9ea04171e306a176e2f328266ed6021
parent6fb34ea6c60a35c8ac27ba7091fa95c2c4803913 (diff)
winssl: improved default SSL/TLS protocol selection
For some reason Windows 7 SP1 chooses TLS 1.0 instead of TLS 1.2 if it is not explicitly enabled within grbitEnabledProtocols. More information can be found on MSDN: http://msdn.microsoft.com/library/windows/desktop/aa379810.aspx
-rw-r--r--lib/vtls/curl_schannel.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/vtls/curl_schannel.c b/lib/vtls/curl_schannel.c
index f932b8039..33c9aac8e 100644
--- a/lib/vtls/curl_schannel.c
+++ b/lib/vtls/curl_schannel.c
@@ -195,6 +195,12 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
case CURL_SSLVERSION_SSLv2:
schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT;
break;
+ default:
+ schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |
+ SP_PROT_TLS1_1_CLIENT |
+ SP_PROT_TLS1_2_CLIENT |
+ SP_PROT_SSL3_CLIENT;
+ break;
}
/* allocate memory for the re-usable credential handle */