Commit 797535b6 by Sven Strickroth

WinHTTP: Try to use TLS1.3

Signed-off-by: Sven Strickroth <email@cs-ware.de>
parent 1e987525
......@@ -49,6 +49,10 @@
# define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 0x00000800
#endif
#ifndef WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3
# define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3 0x00002000
#endif
#ifndef HTTP_STATUS_PERMANENT_REDIRECT
# define HTTP_STATUS_PERMANENT_REDIRECT 308
#endif
......@@ -743,7 +747,8 @@ static int winhttp_connect(
DWORD protocols =
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 |
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 |
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2;
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 |
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3;
t->session = NULL;
t->connection = NULL;
......@@ -788,14 +793,20 @@ static int winhttp_connect(
}
/*
* Do a best-effort attempt to enable TLS 1.2 but allow this to
* fail; if TLS 1.2 support is not available for some reason,
* Do a best-effort attempt to enable TLS 1.3 and 1.2 but allow this to
* fail; if TLS 1.2 or 1.3 support is not available for some reason,
* ignore the failure (it will keep the default protocols).
*/
if (WinHttpSetOption(t->session,
WINHTTP_OPTION_SECURE_PROTOCOLS,
&protocols,
sizeof(protocols)) == FALSE) {
protocols &= ~WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3;
WinHttpSetOption(t->session,
WINHTTP_OPTION_SECURE_PROTOCOLS,
&protocols,
sizeof(protocols));
}
if (!WinHttpSetTimeouts(t->session, default_timeout, default_connect_timeout, default_timeout, default_timeout)) {
git_error_set(GIT_ERROR_OS, "failed to set timeouts for WinHTTP");
......
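Review bot: The `protocols` mask built in the second hunk still includes `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1` and `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1`, so adding TLS 1.3 raises the ceiling but leaves the floor at TLS 1.0, and a connection to a server that only offers those versions still succeeds. Both versions are deprecated by RFC 8996; if compatibility with such servers is not required, consider starting from `DWORD protocols = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3;`, or putting the older flags behind an explicit opt-in. Separately, in the third hunk the result of the retry `WinHttpSetOption` call is discarded, so when both calls fail the session silently keeps the OS default protocol set, which on older Windows may not include TLS 1.2; a trace message on the second failure would make that fallback visible. `winhttp_connect` starts and ends outside the visible hunks.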