SChannel: Support SCH_USE_STRONG_CRYPTO #6734
Closed
+13
−0
Conversation
fixup: Match format preferences for
lib/vtls/schannel.c
Outdated
| @@ -335,6 +335,11 @@ set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers) | |||
| alg = get_alg_id_by_name(startCur); | |||
| if(alg) | |||
| algIds[algCount++] = alg; | |||
| #ifdef SCH_USE_STRONG_CRYPTO | |||
xim
Mar 12, 2021
Author
Contributor
Checks revealed that old toolchains don't provide SCH_USE_STRONG_CRYPTO. Is it better to do this, or should I rather do
#ifndef SCH_USE_STRONG_CRYPTO
#define SCH_USE_STRONG_CRYPTO 0x00400000
#endif
Checks revealed that old toolchains don't provide SCH_USE_STRONG_CRYPTO. Is it better to do this, or should I rather do
#ifndef SCH_USE_STRONG_CRYPTO
#define SCH_USE_STRONG_CRYPTO 0x00400000
#endif
jay
Mar 14, 2021
Member
should I rather do
#ifndef SCH_USE_STRONG_CRYPTO
#define SCH_USE_STRONG_CRYPTO 0x00400000
#endif
yes
should I rather do
#ifndef SCH_USE_STRONG_CRYPTO #define SCH_USE_STRONG_CRYPTO 0x00400000 #endif
yes
|
I'm happy with the patch as is, and all test failures appeared to be unrelated. Just tell me if further actions are required. |
|
It looks fine, it will be added next feature window. Ignore the test failures that's an unrelated issue. |
|
Thanks. I just landed a slightly modified version, it documents SCH_USE_STRONG_CRYPTO instead of USE_STRONG_CRYPTO but both are accepted. I did this for consistency because the other schannel cipher options use OS symbols, eg CALG_ECDH_EPHEM. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Feature was discussed on curl-library@cool.haxx.se;
Subject: Adding flags to SChannel cred.I wasn't sure about where, and to what extent, this should be documented.
Also note that I tested this by compiling curl.exe on the latest preview on windows 10. Downloading https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html with and without
--ciphers USE_STRONG_CRYPTOand diffing the results shows that 3des is correctly disabled.