summaryrefslogtreecommitdiffstats
path: root/Utilities
diff options
context:
space:
mode:
authorBrad King <brad.king@kitware.com>2022-11-09 21:10:57 (GMT)
committerBrad King <brad.king@kitware.com>2022-11-09 22:05:39 (GMT)
commitc0a4536cecc2e8574399f0d1d87ad74e92f0be15 (patch)
treebb934e7c58af12eb5e7a5f3a01c8422cbe6422d5 /Utilities
parente242fa19caa152e7c317fde7f6eb79fb04451982 (diff)
downloadCMake-c0a4536cecc2e8574399f0d1d87ad74e92f0be15.zip
CMake-c0a4536cecc2e8574399f0d1d87ad74e92f0be15.tar.gz
CMake-c0a4536cecc2e8574399f0d1d87ad74e92f0be15.tar.bz2
curl: Disable schannel TLS 1.3 support on Windows 11
Curl 7.85.0 introduced support for TLS 1.3 support with schannel. We've observed connection failures in some cases, so disable the support pending further investigation. Fixes: #24147
Diffstat (limited to 'Utilities')
-rw-r--r--Utilities/cmcurl/lib/vtls/schannel.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/Utilities/cmcurl/lib/vtls/schannel.c b/Utilities/cmcurl/lib/vtls/schannel.c
index 454eb79..e022a2c 100644
--- a/Utilities/cmcurl/lib/vtls/schannel.c
+++ b/Utilities/cmcurl/lib/vtls/schannel.c
@@ -220,6 +220,7 @@ set_ssl_version_min_max(DWORD *enabled_protocols, struct Curl_easy *data,
case CURL_SSLVERSION_MAX_NONE:
case CURL_SSLVERSION_MAX_DEFAULT:
+#if 0 /* Disabled in CMake due to issue 24147 (curl issue 9431) */
/* Windows Server 2022 and newer (including Windows 11) support TLS 1.3
built-in. Previous builds of Windows 10 had broken TLS 1.3
implementations that could be enabled via registry.
@@ -229,6 +230,7 @@ set_ssl_version_min_max(DWORD *enabled_protocols, struct Curl_easy *data,
ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3;
}
else /* Windows 10 and older */
+#endif
ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2;
break;
@@ -247,6 +249,7 @@ set_ssl_version_min_max(DWORD *enabled_protocols, struct Curl_easy *data,
break;
case CURL_SSLVERSION_TLSv1_3:
+#if 0 /* Disabled in CMake due to issue 24147 (curl issue 9431) */
/* Windows Server 2022 and newer */
if(curlx_verify_windows_version(10, 0, 20348, PLATFORM_WINNT,
VERSION_GREATER_THAN_EQUAL)) {
@@ -257,6 +260,10 @@ set_ssl_version_min_max(DWORD *enabled_protocols, struct Curl_easy *data,
failf(data, "schannel: TLS 1.3 not supported on Windows prior to 11");
return CURLE_SSL_CONNECT_ERROR;
}
+#else
+ failf(data, "schannel: TLS 1.3 is not yet supported");
+ return CURLE_SSL_CONNECT_ERROR;
+#endif
}
}
return CURLE_OK;