Skip to content

build: make NTLM disabled by default#20698

Closed
bagder wants to merge 2 commits intomasterfrom
bagder/ntlm-disabled
Closed

build: make NTLM disabled by default#20698
bagder wants to merge 2 commits intomasterfrom
bagder/ntlm-disabled

Conversation

@bagder
Copy link
Copy Markdown
Member

@bagder bagder commented Feb 23, 2026
edited
Loading

NTLM has weak security and does not work over HTTP/2 or HTTP/3.

Note: this also disables SMB(S) support by default as it depends on NTLM to function.

Enable in cmake or configure to get support for it. (Tentatively to get merged in the coming feature window, late March 2026)

  • document this
  • enabled in many CI jobs (at least once for each TLS backend)

@bagder bagder added feature-window A merge of this requires an open feature window authentication labels Feb 23, 2026
@github-actions github-actions bot added the CI Continuous Integration label Feb 23, 2026
@BillyONeal
Copy link
Copy Markdown
Contributor

BillyONeal commented Feb 23, 2026
edited
Loading

Related: https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526

EDIT: And also https://youtu.be/zlhoAYsSd4c

vszakats
vszakats reviewed Feb 23, 2026
View reviewed changes
Comment thread .github/workflows/macos.yml Outdated
vszakats added a commit to curl/curl-for-win that referenced this pull request Feb 24, 2026
@vszakats
curl.sh: prepare to disable NTLM by 8.20.0 [ci skip]
8bcb013 
Ref: curl/curl#20698
@bagder bagder force-pushed the bagder/ntlm-disabled branch from 98b839d to 8f13081 Compare February 25, 2026 14:12
@michael-o
Copy link
Copy Markdown
Contributor

michael-o commented Feb 27, 2026

FTR: https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported

@bagder bagder force-pushed the bagder/ntlm-disabled branch 2 times, most recently from 6ec6716 to 9908d09 Compare March 2, 2026 15:47
@bagder bagder marked this pull request as ready for review March 2, 2026 16:04
bagder added a commit that referenced this pull request Mar 21, 2026
@bagder
build: make NTLM disabled by default
88f8cd0 
NTLM has weak security and does not work over HTTP/2 or HTTP/3.

Enable in cmake or configure to get support for it.

Closes #20698
@bagder bagder force-pushed the bagder/ntlm-disabled branch from 9908d09 to 1ccdf8b Compare March 21, 2026 11:30
bagder added 2 commits March 21, 2026 15:09
@bagder
build: make NTLM disabled by default
dc5cfa8 
NTLM has weak security and does not work over HTTP/2 or HTTP/3.

Enable in cmake or configure to get support for it.

Closes #20698
@bagder
GHA: add NTLM to lots of builds
3032efb
@bagder bagder force-pushed the bagder/ntlm-disabled branch from 1ccdf8b to 3032efb Compare March 21, 2026 14:10
@bagder bagder closed this in cc0c83c Mar 21, 2026
@bagder bagder deleted the bagder/ntlm-disabled branch March 21, 2026 14:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vszakats vszakats vszakats left review comments

Assignees

No one assigned

Labels

authentication CI Continuous Integration feature-window A merge of this requires an open feature window

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bagder @BillyONeal @michael-o @vszakats