From: Marc Hoersken <info@marc-hoersken.de>
Date: Sun, 19 Jan 2014 13:13:21 +0000 (+0100)
Subject: winssl: improved default SSL/TLS protocol selection
X-Git-Tag: curl-7_36_0~250
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=82f558366f7db6de5fef2e7d02c0d3a7a4bc4057;p=curl

winssl: improved default SSL/TLS protocol selection

For some reason Windows 7 SP1 chooses TLS 1.0 instead of TLS 1.2
if it is not explicitly enabled within grbitEnabledProtocols.

More information can be found on MSDN:
http://msdn.microsoft.com/library/windows/desktop/aa379810.aspx
---

diff --git a/lib/vtls/curl_schannel.c b/lib/vtls/curl_schannel.c
index f932b8039..33c9aac8e 100644
--- a/lib/vtls/curl_schannel.c
+++ b/lib/vtls/curl_schannel.c
@@ -195,6 +195,12 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
       case CURL_SSLVERSION_SSLv2:
         schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT;
         break;
+      default:
+        schannel_cred.grbitEnabledProtocols = SP_PROT_TLS1_0_CLIENT |
+                                              SP_PROT_TLS1_1_CLIENT |
+                                              SP_PROT_TLS1_2_CLIENT |
+                                              SP_PROT_SSL3_CLIENT;
+        break;
     }
 
     /* allocate memory for the re-usable credential handle */