schannel: support selecting ciphers

Given the contstraints of SChannel, I'm exposing these as the algorithms
themselves instead; while replicating the ciphersuite as specified by
OpenSSL would have been preferable, I found no way in the SChannel API
to do so.

To use this from the commandline, you need to pass the names of contants
defining the desired algorithms. For example, curl --ciphers
"CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM"
https://github.com The specific names come from wincrypt.h

Closes #2630

1 files changed, 51 insertions, 0 deletions

diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md
index 99d9f7dc7..2a1d8ca7e 100644
--- a/docs/CIPHERS.md
+++ b/docs/CIPHERS.md
@@ -434,3 +434,54 @@ but libcurl maps them to the following case-insensitive names.
 `ECDHE-PSK-CHACHA20-POLY1305`,
 `DHE-PSK-CHACHA20-POLY1305`,
 `EDH-RSA-DES-CBC3-SHA`,
+
+## WinSSL
+
+WinSSL allows the enabling and disabling of encryption algorithms, but not specific ciphersuites. They are defined by Microsoft (https://msdn.microsoft.com/en-us/library/windows/desktop/aa375549(v=vs.85).aspx)
+
+`CALG_MD2`,
+`CALG_MD4`,
+`CALG_MD5`,
+`CALG_SHA`,
+`CALG_SHA1`,
+`CALG_MAC`,
+`CALG_RSA_SIGN`,
+`CALG_DSS_SIGN`,
+`CALG_NO_SIGN`,
+`CALG_RSA_KEYX`,
+`CALG_DES`,
+`CALG_3DES_112`,
+`CALG_3DES`,
+`CALG_DESX`,
+`CALG_RC2`,
+`CALG_RC4`,
+`CALG_SEAL`,
+`CALG_DH_SF`,
+`CALG_DH_EPHEM`,
+`CALG_AGREEDKEY_ANY`,
+`CALG_HUGHES_MD5`,
+`CALG_SKIPJACK`,
+`CALG_TEK`,
+`CALG_CYLINK_MEK`,
+`CALG_SSL3_SHAMD5`,
+`CALG_SSL3_MASTER`,
+`CALG_SCHANNEL_MASTER_HASH`,
+`CALG_SCHANNEL_MAC_KEY`,
+`CALG_SCHANNEL_ENC_KEY`,
+`CALG_PCT1_MASTER`,
+`CALG_SSL2_MASTER`,
+`CALG_TLS1_MASTER`,
+`CALG_RC5`,
+`CALG_HMAC`,
+`CALG_TLS1PRF`,
+`CALG_HASH_REPLACE_OWF`,
+`CALG_AES_128`,
+`CALG_AES_192`,
+`CALG_AES_256`,
+`CALG_AES`,
+`CALG_SHA_256`,
+`CALG_SHA_384`,
+`CALG_SHA_512`,
+`CALG_ECDH`,
+`CALG_ECMQV`,
+`CALG_ECDSA`,