winssl: improved default SSL/TLS protocol selection

For some reason Windows 7 SP1 chooses TLS 1.0 instead of TLS 1.2
if it is not explicitly enabled within grbitEnabledProtocols.

More information can be found on MSDN:
http://msdn.microsoft.com/library/windows/desktop/aa379810.aspx

diff --git a/lib/vtls/curl_schannel.c b/lib/vtls/curl_schannel.c
index f932b8039688381e10fa49da973e20a81c96bd80..33c9aac8ec8b50792812bc2a45772ae1225cdd8c 100644 (file)
--- a/lib/vtls/curl_schannel.c
+++ b/lib/vtls/curl_schannel.c
@@ -195,6 +195,12 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
       case CURL_SSLVERSION_SSLv2:
         schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT;
         break;
+      default:
+        schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |
+                                              SP_PROT_TLS1_1_CLIENT |
+                                              SP_PROT_TLS1_2_CLIENT |
+                                              SP_PROT_SSL3_CLIENT;
+        break;
     }
 
     /* allocate memory for the re-usable credential handle */