Commit 9ab8d153 by Edward Thomson Committed by Patrick Steinhardt

winhttp: enable TLS 1.2 on Windows 7 and earlier

Versions of Windows prior to Windows 8 do not enable TLS 1.2 by default,
though support may exist.  Try to enable TLS 1.2 support explicitly on
connections.

This request may fail if the operating system does not have TLS 1.2
support - the initial release of Vista lacks TLS 1.2 support (though
it is available as a software update) and XP completely lacks TLS 1.2
support.  If this request does fail, the HTTP context is still valid,
and still maintains the original protocol support.  So we ignore the
failure from this operation.
parent aa0127c0
...@@ -755,6 +755,10 @@ static int winhttp_connect( ...@@ -755,6 +755,10 @@ static int winhttp_connect(
int error = -1; int error = -1;
int default_timeout = TIMEOUT_INFINITE; int default_timeout = TIMEOUT_INFINITE;
int default_connect_timeout = DEFAULT_CONNECT_TIMEOUT; int default_connect_timeout = DEFAULT_CONNECT_TIMEOUT;
DWORD protocols =
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 |
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 |
WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2;
t->session = NULL; t->session = NULL;
t->connection = NULL; t->connection = NULL;
...@@ -796,6 +800,16 @@ static int winhttp_connect( ...@@ -796,6 +800,16 @@ static int winhttp_connect(
goto on_error; goto on_error;
} }
/*
* Do a best-effort attempt to enable TLS 1.2 but allow this to
* fail; if TLS 1.2 support is not available for some reason,
* ignore the failure (it will keep the default protocols).
*/
WinHttpSetOption(t->session,
WINHTTP_OPTION_SECURE_PROTOCOLS,
&protocols,
sizeof(protocols));
if (!WinHttpSetTimeouts(t->session, default_timeout, default_connect_timeout, default_timeout, default_timeout)) { if (!WinHttpSetTimeouts(t->session, default_timeout, default_connect_timeout, default_timeout, default_timeout)) {
giterr_set(GITERR_OS, "failed to set timeouts for WinHTTP"); giterr_set(GITERR_OS, "failed to set timeouts for WinHTTP");
goto on_error; goto on_error;
......
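Review bot: The result of `WinHttpSetOption` in the second hunk is discarded with no trace, so a session that stayed on the OS default protocol set (which, per the commit message, may lack TLS 1.2 on these Windows versions) cannot be told apart from one that was upgraded. Making the discard explicit would help when diagnosing handshake failures, e.g. `if (!WinHttpSetOption(t->session, WINHTTP_OPTION_SECURE_PROTOCOLS, &protocols, sizeof(protocols))) { /* best effort: OS default protocols remain in effect */ }`, with whatever tracing the file already uses placed inside the branch. The `protocols` mask in the first hunk also names TLS 1.0 and TLS 1.1 and leaves out SSL 3.0. If that omission is intended, a comment such as `/* TLS 1.0/1.1 kept for servers without 1.2; SSL 3.0 intentionally not requested */` would record it and mark the constant to tighten later. `winhttp_connect` begins and ends outside both hunks, so how `on_error` and later request setup interact with this option is not visible here.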