wininet: disable TLSv1.1/1.2 by default
miurahr at linux.com
Mon Sep 10 18:55:23 CDT 2012
Are there any comment for it?
It is a motivation that Evernote windows client cannot
connect its server on Wine/OpenSSL 1.0.1.
it is caused by server is only support TLS1.0/SSL3.0
, apache2/openssl 0.9.8 thing, but client ask
TLS1.1/1.2 and then server returns that session is fails.
I know wininet(in Microsoft implementation) has a behavior
to re-try by TLS1.0 after TLS1.2 fails.
It is discussed in IETF TLS maillist
How do you think whether we should implement similar way or not?
If we adopt similar fall back mechanism, compatibility may become well,
but is it good behavior?
On 2012.08.26 11:51, Hiroshi Miura wrote:
> OpenSSL 1.0.x now support TLSv1.1 and TLSv1.2
> but Windows7 is disabled by default.
> Schannel registry indicate TLSv1.1/1.2 config.
> It fixes the error of Evernote client connection.
> Signed-off-by: Hiroshi Miura <miurahr at linux.com>
> dlls/wininet/netconnection.c | 68 ++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 68 insertions(+)
More information about the wine-devel