Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Any plan to support TLS 1.3? #1548

Open
SiyiJia opened this issue Dec 17, 2020 · 4 comments
Open

Any plan to support TLS 1.3? #1548

SiyiJia opened this issue Dec 17, 2020 · 4 comments

Comments

@SiyiJia
Copy link

SiyiJia commented Dec 17, 2020

I understand Casablanca has supported both TLS 1.1 and TLS1.2 since version 2.10. As the codes described below, it enables TLS 1.1 and 1.2 via WINHTTP_OPTION_SECURE_PROTOCOLS.

#if (_WIN32_WINNT >= _WIN32_WINNT_VISTA) || defined(CPPREST_FORCE_HTTP_CLIENT_WINHTTPPAL)
            DWORD secure_protocols(WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 |
                                   WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2);
            if (!WinHttpSetOption(
                m_hSession, WINHTTP_OPTION_SECURE_PROTOCOLS, &secure_protocols, sizeof(secure_protocols)))
            {
                return GetLastError();
            }
#endif

My question is, does Casablanca plan to support TLS 1.3 on both Windows and Linux? Are there any suggestions if I want to enable TLS 1.3? I tried adding WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3 into the protocol list but failed to achieve it.
@N3mes1s
Copy link

N3mes1s commented Jan 19, 2021

Windows side: the tls 1.3 is not available in all windows version, to keep track please refere to the link:

https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-

Seems that it was supported in Windows 10 20h1 for testing purpose only and disabled (?!) in windows 10 20h2.

Anyway the flag to enable tls 1.3 is still not officially documented in the windows api (https://docs.microsoft.com/en-us/windows/win32/winhttp/option-flags?redirectedfrom=MSDN) but it should be:

# define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3 0x00002000

Please mind that supporting TLS 1.3 is still not official.

@gvollant
Copy link

gvollant commented Apr 26, 2021
edited
Loading

see https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-server-2022

I tried modify curl schannel code to download using tls 1.3 without success (with windows server 2022 - 21H2 Build 20339.2 Windows insider)
curl/curl#6958

But under Windows 2022 - 21H2 I was able to get a tls 1.3 response with a wininet api (test with https://tls13.akamai.io/ )

@Karteek649
Copy link

Microsoft Windows11 / Windows 2k22 server are supporting TLS1.3. Is there any plan to support TLS1.3 now?

@gvollant
Copy link

Microsoft also work on quic https://en.wikipedia.org/wiki/MsQuic https://github.com/microsoft/msquic

@Karteek649 Karteek649 mentioned this issue Jan 7, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@N3mes1s @gvollant @Karteek649 @SiyiJia