From c0a4536cecc2e8574399f0d1d87ad74e92f0be15 Mon Sep 17 00:00:00 2001 From: Brad King Date: Wed, 9 Nov 2022 16:10:57 -0500 Subject: curl: Disable schannel TLS 1.3 support on Windows 11 Curl 7.85.0 introduced support for TLS 1.3 support with schannel. We've observed connection failures in some cases, so disable the support pending further investigation. Fixes: #24147 --- Utilities/cmcurl/lib/vtls/schannel.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Utilities/cmcurl/lib/vtls/schannel.c b/Utilities/cmcurl/lib/vtls/schannel.c index 454eb79..e022a2c 100644 --- a/Utilities/cmcurl/lib/vtls/schannel.c +++ b/Utilities/cmcurl/lib/vtls/schannel.c @@ -220,6 +220,7 @@ set_ssl_version_min_max(DWORD *enabled_protocols, struct Curl_easy *data, case CURL_SSLVERSION_MAX_NONE: case CURL_SSLVERSION_MAX_DEFAULT: +#if 0 /* Disabled in CMake due to issue 24147 (curl issue 9431) */ /* Windows Server 2022 and newer (including Windows 11) support TLS 1.3 built-in. Previous builds of Windows 10 had broken TLS 1.3 implementations that could be enabled via registry. @@ -229,6 +230,7 @@ set_ssl_version_min_max(DWORD *enabled_protocols, struct Curl_easy *data, ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3; } else /* Windows 10 and older */ +#endif ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2; break; @@ -247,6 +249,7 @@ set_ssl_version_min_max(DWORD *enabled_protocols, struct Curl_easy *data, break; case CURL_SSLVERSION_TLSv1_3: +#if 0 /* Disabled in CMake due to issue 24147 (curl issue 9431) */ /* Windows Server 2022 and newer */ if(curlx_verify_windows_version(10, 0, 20348, PLATFORM_WINNT, VERSION_GREATER_THAN_EQUAL)) { @@ -257,6 +260,10 @@ set_ssl_version_min_max(DWORD *enabled_protocols, struct Curl_easy *data, failf(data, "schannel: TLS 1.3 not supported on Windows prior to 11"); return CURLE_SSL_CONNECT_ERROR; } +#else + failf(data, "schannel: TLS 1.3 is not yet supported"); + return CURLE_SSL_CONNECT_ERROR; +#endif } } return CURLE_OK; -- cgit v0.12
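Review bot: With the version check compiled out, the `CURL_SSLVERSION_MAX_NONE`/`CURL_SSLVERSION_MAX_DEFAULT` case now caps every schannel connection at TLS 1.2 without leaving any trace, so verbose output gives no hint why TLS 1.3 was never offered. I would add `infof(data, "schannel: TLS 1.3 disabled in this build, using TLS 1.2 as maximum");` just before the `ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2;` assignment. The `#if 0` comment names both issues, which helps; it could also state the condition for removing the block, so that the cap does not outlive the investigation. The body of set_ssl_version_min_max starts and ends outside this hunk.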
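Review bot: The new `failf` text in the `CURL_SSLVERSION_TLSv1_3` case, "TLS 1.3 is not yet supported", reads like a platform limit, while the actual cause is a build-time switch in this copy of curl; `failf(data, "schannel: TLS 1.3 is disabled in this build");` would point users to the right place. Returning `CURLE_SSL_CONNECT_ERROR` instead of quietly negotiating a lower version is the right behaviour when TLS 1.3 was requested as the minimum. If this switch runs once per version between the requested minimum and maximum (the loop is outside the hunk, so this is an inference), an explicit maximum of TLS 1.3 with a lower minimum would now fail as well rather than connect with TLS 1.2. It is worth confirming that this is intended.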