diff options
author | Marc Hoersken <info@marc-hoersken.de> | 2014-01-19 14:13:21 +0100 |
---|---|---|
committer | Marc Hoersken <info@marc-hoersken.de> | 2014-01-31 20:01:25 +0100 |
commit | 82f558366f7db6de5fef2e7d02c0d3a7a4bc4057 (patch) | |
tree | 97f3e3fce9ea04171e306a176e2f328266ed6021 | |
parent | 6fb34ea6c60a35c8ac27ba7091fa95c2c4803913 (diff) |
winssl: improved default SSL/TLS protocol selection
For some reason Windows 7 SP1 chooses TLS 1.0 instead of TLS 1.2
if it is not explicitly enabled within grbitEnabledProtocols.
More information can be found on MSDN:
http://msdn.microsoft.com/library/windows/desktop/aa379810.aspx
-rw-r--r-- | lib/vtls/curl_schannel.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/vtls/curl_schannel.c b/lib/vtls/curl_schannel.c index f932b8039..33c9aac8e 100644 --- a/lib/vtls/curl_schannel.c +++ b/lib/vtls/curl_schannel.c @@ -195,6 +195,12 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) case CURL_SSLVERSION_SSLv2: schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT; break; + default: + schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT | + SP_PROT_TLS1_1_CLIENT | + SP_PROT_TLS1_2_CLIENT | + SP_PROT_SSL3_CLIENT; + break; } /* allocate memory for the re-usable credential handle */ |