wininet: disable TLSv1.1/1.2 by default

Hiroshi Miura miurahr at
Mon Sep 10 18:55:23 CDT 2012


Are there any comment for it?

It is a motivation that Evernote windows client cannot 
connect its server on Wine/OpenSSL 1.0.1.
it is caused by server is only support TLS1.0/SSL3.0
, apache2/openssl 0.9.8 thing, but client ask
TLS1.1/1.2 and then server returns that session is fails.

I know wininet(in Microsoft implementation) has a behavior
to re-try by TLS1.0 after TLS1.2 fails.

It is discussed in IETF TLS maillist

How do you think whether we should implement similar way or not?
If we adopt similar fall back mechanism, compatibility may become well,
but is it good behavior?


On 2012.08.26 11:51, Hiroshi Miura wrote:
>      OpenSSL 1.0.x now support TLSv1.1 and TLSv1.2
>      but Windows7 is disabled by default.
>      Schannel registry indicate TLSv1.1/1.2 config.
>      It fixes the error of Evernote client connection.
> Signed-off-by: Hiroshi Miura <miurahr at>
> ---
>   dlls/wininet/netconnection.c |   68 ++++++++++++++++++++++++++++++++++++++++++
>   1 file changed, 68 insertions(+)

More information about the wine-devel mailing list