-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS version "or later" doesn't work for schannel and Secure Transport as it works with OpenSSL #2969
Comments
This is not fixed. I've updated the issue, to denote, that it works with openSSL, but does not work with WinSSL |
Any timeframe when this could be expected to be fixed and released? |
No. |
I can't reproduce this. What server are you having this problem with and what commit are you using? For example |
@jay is that with SChannel? With Secure Transport on git head I get failures to connect on |
I will do some digging tomorrow to see whats going on. |
I have a proposed bugfix for Secure Transport in #3010, please that patch @lietusme and @programuotojasgf. |
My results yesterday were erroneous I can reproduce this in schannel, |
Thanks! I assume this fix will be released on October 31, 2018 timeframe only? https://curl.haxx.se/dev/release-procedure.html |
@lietusme correct, but you can also verify/test/play with it using a daily snapshot. |
I did this
I'm using this option https://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html
For me it works as specific version setters - does not go upwards, even if the server supports it. For example:
CURL_SSLVERSION_TLSv1 -> this default options works with 1.0 1.1 1.2 1.3 (probably future proof for 1.4 and so on)
CURL_SSLVERSION_TLSv1_0 -> this option only works with 1.0 . It fails with a server that only supports 1.1, 1.2 or 1.3
currently CURL_SSLVERSION_TLSv1 supports TLS 1.0 , 1.1 , 1.2 , 1.3
currently CURL_SSLVERSION_TLSv1_0 supports TLS 1.0
currently CURL_SSLVERSION_TLSv1_1 supports TLS 1.1
currently CURL_SSLVERSION_TLSv1_2 supports TLS 1.2
currently CURL_SSLVERSION_TLSv1_3 supports TLS 1.3
I expected the following
I expect CURL_SSLVERSION_TLSv1 to support TLS 1.0 , 1.1 , 1.2 , 1.3
I expect CURL_SSLVERSION_TLSv1_0 to support TLS 1.0 , 1.1 , 1.2 , 1.3
I expect CURL_SSLVERSION_TLSv1_1 to support TLS 1.1 , 1.2 , 1.3
I expect CURL_SSLVERSION_TLSv1_2 to support TLS 1.2 , 1.3
I expect CURL_SSLVERSION_TLSv1_3 to support TLS 1.3
curl/libcurl version
WinSSL -> libcurl/7.61.1-DEV WinSSL
and also
DarwinSSL(iOS) -> libcurl/7.61.1-DEV SecureTransport zlib/1.2.8
NOTE: Works as expected with openSSL, only works badly with WinSSL and darwinSSL(iOS)
operating system
Windows 10 Professional x64
The text was updated successfully, but these errors were encountered: