schannel.c ignores tls-max when tlsv1.x isn't set #4633

Closed
schannel.c ignores tls-max when tlsv1.x isn't set

If you run `curl --tls-max 1.1 https://example.com` on Windows using SChannel, curl incorrectly ignores the `--tls-max 1.1` argument, and it uses TLS 1.2 instead.

This patch fixes it by using `set_ssl_version_min_max` to set `grbitEnabledProtocols` when `conn->ssl_config.version` is `CURL_SSLVERSION_DEFAULT` and `CURL_SSLVERSION_TLSv1`.
xiaoyinl committed Nov 23, 2019
commit 57443c563a9ef84c8575a7195be53ab9017e0eaf
@@ -554,10 +554,6 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
switch(conn->ssl_config.version) {
case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1:
schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |
SP_PROT_TLS1_1_CLIENT |
SP_PROT_TLS1_2_CLIENT;
break;
case CURL_SSLVERSION_TLSv1_0:
case CURL_SSLVERSION_TLSv1_1:
case CURL_SSLVERSION_TLSv1_2:
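Review bot: the `CURL_SSLVERSION_DEFAULT` and `CURL_SSLVERSION_TLSv1` labels are left depending on the body of the `CURL_SSLVERSION_TLSv1_0` / `_1` / `_2` cases, and that body is outside the context shown here, so the resulting default cannot be verified from this hunk alone. Going by the hunk header (10 lines before, 6 after), the four lines that go are the explicit `grbitEnabledProtocols` assignment and its `break`. Please confirm that, when no `--tls-max` is given, the shared path still enables `SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT` as the removed lines did, and that `set_ssl_version_min_max` treats both DEFAULT and TLSv1 as a TLS 1.0 minimum rather than rejecting them as unknown values. A test that runs with `--tls-max 1.1` and no `--tlsv1.x` option, and checks the negotiated version, would keep the protocol cap from silently regressing again.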