Solution is reading
https://www.microsoft.com/security/blog/2020/08/20/taking-transport-layer-se curity-tls-to-the-next-level-with-tls-1-3/ https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-scha nnel_cred must be replaced by https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-sch_ credentials De : Gilles Vollant <vollan...@gmail.com> Envoyé : jeudi 29 avril 2021 09:46 À : 'curl-library@cool.haxx.se' <curl-library@cool.haxx.se> Objet : Problem adding TLS 1.3 support on curl - schannel on Windows 21H2 preview Hello, I have installed Windows 2022 preview (same base than future Windows 10 21H2) With this version, software that call wininet download use TLS 1.3 Internet explorer 11 (after checking TLS 1.3 in options) also uses TLS 1.3 https://tls13.akamai.io/ website tell TLS_AES_256_GCM_SHA384 cipher is used, both by internet explorer or a wininet download. I tried add support of TLS 1.3 on curl schannel, by adding constant SP_PROT_TLS1_3_CLIENT from current Windows SDK But when I run curl https://tls13.akamai.io/ --tlsv1.3 I got error: schannel: AcquireCredentialsHandle failed: SEC_E_ALGORITHM_MISMATCH (0x80090331) - The client and server cannot communicate, because they do not possess a common algorithm. Any idea? Regards Gilles Vollant https://github.com/gvollant/curl/tree/gv_schannel_tls13 https://github.com/curl/curl/discussions/6958 https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in -windows-server-2022 https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserve r
------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
