Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

schannel.c ignores tls-max when tlsv1.x isn't set #4633

Closed
wants to merge 1 commit into from

Conversation

@xiaoyinl
Copy link
Contributor

xiaoyinl commented Nov 23, 2019

If you run curl --tls-max 1.1 https://example.com on Windows using SChannel, curl incorrectly ignores the --tls-max 1.1 argument, and it uses TLS 1.2 instead.

This patch fixes it by using set_ssl_version_min_max to set grbitEnabledProtocols when conn->ssl_config.version is CURL_SSLVERSION_DEFAULT and CURL_SSLVERSION_TLSv1

If you run `curl --tls-max 1.1 https://example.com` on Windows using SChannel, curl incorrectly ignores the `--tls-max 1.1` argument, and it uses TLS 1.2 instead.

This patch fixes it by using `set_ssl_version_min_max` to set `grbitEnabledProtocols` when `conn->ssl_config.version` is CURL_SSLVERSION_DEFAULT and `CURL_SSLVERSION_TLSv1`
@bagder bagder added the SSL/TLS label Nov 23, 2019
@jay jay closed this in 0a65feb Nov 24, 2019
@jay

This comment has been minimized.

Copy link
Member

jay commented Nov 24, 2019

Thanks

@xiaoyinl xiaoyinl deleted the xiaoyinl:patch-1 branch Nov 24, 2019
@xiaoyinl

This comment has been minimized.

Copy link
Contributor Author

xiaoyinl commented Nov 24, 2019

Thank you for accepting this PR! This is my first patch to curl. Will my name be added to https://curl.haxx.se/docs/thanks.html?

@bagder

This comment has been minimized.

Copy link
Member

bagder commented Nov 24, 2019

@xiaoyinl yes it will! We typically update that file (docs/THANKS in the repo) at release-time, so your name should appear in there no later than that!

@xiaoyinl

This comment has been minimized.

Copy link
Contributor Author

xiaoyinl commented Nov 24, 2019

@bagder I see. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.