Unverified Commit 298b01ab by Edward Thomson Committed by GitHub

Merge pull request #5633 from csware/winhttp1.3

WinHTTP: Try to use TLS1.3
parents d65edcdc 797535b6
...@@ -49,6 +49,10 @@ ...@@ -49,6 +49,10 @@
# define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 0x00000800 # define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 0x00000800
#endif #endif
#ifndef WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3
# define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3 0x00002000
#endif
#ifndef HTTP_STATUS_PERMANENT_REDIRECT #ifndef HTTP_STATUS_PERMANENT_REDIRECT
# define HTTP_STATUS_PERMANENT_REDIRECT 308 # define HTTP_STATUS_PERMANENT_REDIRECT 308
#endif #endif
...@@ -743,7 +747,8 @@ static int winhttp_connect( ...@@ -743,7 +747,8 @@ static int winhttp_connect(
DWORD protocols = DWORD protocols =
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 |
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 |
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2; WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 |
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3;
t->session = NULL; t->session = NULL;
t->connection = NULL; t->connection = NULL;
...@@ -788,14 +793,20 @@ static int winhttp_connect( ...@@ -788,14 +793,20 @@ static int winhttp_connect(
} }
/* /*
* Do a best-effort attempt to enable TLS 1.2 but allow this to * Do a best-effort attempt to enable TLS 1.3 and 1.2 but allow this to
* fail; if TLS 1.2 support is not available for some reason, * fail; if TLS 1.2 or 1.3 support is not available for some reason,
* ignore the failure (it will keep the default protocols). * ignore the failure (it will keep the default protocols).
*/ */
WinHttpSetOption(t->session, if (WinHttpSetOption(t->session,
WINHTTP_OPTION_SECURE_PROTOCOLS, WINHTTP_OPTION_SECURE_PROTOCOLS,
&protocols, &protocols,
sizeof(protocols)); sizeof(protocols)) == FALSE) {
protocols &= ~WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3;
WinHttpSetOption(t->session,
WINHTTP_OPTION_SECURE_PROTOCOLS,
&protocols,
sizeof(protocols));
}
if (!WinHttpSetTimeouts(t->session, default_timeout, default_connect_timeout, default_timeout, default_timeout)) { if (!WinHttpSetTimeouts(t->session, default_timeout, default_connect_timeout, default_timeout, default_timeout)) {
git_error_set(GIT_ERROR_OS, "failed to set timeouts for WinHTTP"); git_error_set(GIT_ERROR_OS, "failed to set timeouts for WinHTTP");
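Review bot: In the `winhttp_connect` hunk that sets `WINHTTP_OPTION_SECURE_PROTOCOLS`, the retry after `protocols &= ~WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3;` discards its result, so if both calls fail the session silently keeps the OS default protocol set, which on older systems presumably may not include TLS 1.2. The block comment above still reads as a single best-effort attempt and should describe the retry, for example `* If enabling TLS 1.3 fails (older WinHTTP), retry with TLS 1.2 and below;` followed by `* if that fails as well, the system default protocols stay in effect.` The mask built in the earlier hunk also still offers `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1` and `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1`, both deprecated by RFC 8996; whether they can be dropped depends on which servers must remain reachable, which is not visible here. The body of `winhttp_connect` starts and ends outside the hunks shown.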