winhttp: disable TLSv1.1/1.2 by default
miurahr at linux.com
Sat Sep 1 02:03:00 CDT 2012
Thanks André to point the discussion
On 2012年08月27日 01:56, André Hentschel wrote:
> Am 26.08.2012 17:46, schrieb Marcus Meissner:
>> On Sun, Aug 26, 2012 at 11:50:15AM +0900, Hiroshi Miura wrote:
>>> Windows 7 disables TLSv1.1/1.2 by default.
>>> This patch intend to behave same as Windows.
>> Please do not... The newer TLSv1.x fix some shortcomings
>> of the older TLS versions.
>> Is there a specific problem you see?
>> Otherwise, I object.
> It's for http://bugs.winehq.org/show_bug.cgi?id=30598
> So it has its reason
Yes it has a reason to disable TLS 1.1 1.2 by DEFAULT.
It also provide interface to enable it through registry entry,
which is same as windows does.
I also prefer to use TLS 1.1/1.2 than before SSL3.0/TLS1.0.
but here is a interoperability issue with SSL3.0/TLS 1.0 only site and
TLS1.1/1.2 enabled Wine program.
In evernote case, client program use wininet dll instead of winhttp.
Even such a case, it should be a same behavior for registry values in
secur32/schannel, wininet, and winhttp dlls.
I understand that wininet/winhttp has a issue to re-implement it using
schannel instead of openssl.
It means if we support a behavior disabling/enabling TLS1.1/1.2 with
registry entry for Schannel, wininet/winhttp should also have a same
We need to add function that enable/disable TLS1.1/1.2 in
secur32/schannel according to this registry, but I've not implemented it
registry entry is like;
Windows Registry Editor Version 5.00
More information about the wine-devel