curl/lib/vtls
Jay Satiro b4f9ae5126 schannel: fix user-set legacy algorithms in Windows 10 & 11
- If the user set a legacy algorithm list (CURLOPT_SSL_CIPHER_LIST) then
  use the SCHANNEL_CRED legacy structure to pass the list to Schannel.

- If the user set both a legacy algorithm list and a TLS 1.3 cipher list
  then abort.

Although MS doesn't document it, Schannel will not negotiate TLS 1.3
when SCHANNEL_CRED is used. That means setting a legacy algorithm list
limits the user to earlier versions of TLS.

Prior to this change, since 8beff435 (precedes 7.85.0), libcurl would
ignore legacy algorithms in Windows 10 1809 and later.

Reported-by: zhihaoy@users.noreply.github.com

Fixes https://github.com/curl/curl/pull/10741
Closes https://github.com/curl/curl/pull/10746
2023-08-02 03:43:13 -04:00
bearssl.c bearssl: don't load CA certs when peer verification is disabled 2023-07-27 03:39:19 -04:00
bearssl.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
gskit.c cmake: add support for "unity" builds 2023-06-07 13:06:08 +00:00
gskit.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
gtls.c cmake: add support for "unity" builds 2023-06-07 13:06:08 +00:00
gtls.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
hostcheck.c hostcheck: fix host name wildcard checking 2023-04-26 09:07:27 +02:00
hostcheck.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
keylog.c copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
keylog.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
mbedtls_threadlock.c copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
mbedtls_threadlock.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
mbedtls.c cmake: add support for "unity" builds 2023-06-07 13:06:08 +00:00
mbedtls.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
openssl.c egd: delete feature detection and related source code 2023-08-01 21:58:56 +00:00
openssl.h ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl 2023-01-10 13:41:21 +01:00
rustls.c cmake: add support for "unity" builds 2023-06-07 13:06:08 +00:00
rustls.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
schannel_int.h cmake: add support for "unity" builds 2023-06-07 13:06:08 +00:00
schannel_verify.c cmake: add support for "unity" builds 2023-06-07 13:06:08 +00:00
schannel.c schannel: fix user-set legacy algorithms in Windows 10 & 11 2023-08-02 03:43:13 -04:00
schannel.h cmake: add support for "unity" builds 2023-06-07 13:06:08 +00:00
sectransp.c sectransp: prevent CFRelease() of NULL 2023-08-01 08:17:26 +02:00
sectransp.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
vtls_int.h nss: remove support for this TLS library 2023-07-29 23:44:28 +02:00
vtls.c nss: remove support for this TLS library 2023-07-29 23:44:28 +02:00
vtls.h vtls: clarify "ALPN: offers" message 2023-08-01 08:16:14 +02:00
wolfssl.c wolfssl: support loading system CA certificates 2023-07-31 08:27:50 +02:00
wolfssl.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
x509asn1.c nss: remove support for this TLS library 2023-07-29 23:44:28 +02:00
x509asn1.h nss: remove support for this TLS library 2023-07-29 23:44:28 +02:00