On Sun, Aug 06, 2017 at 01:16:46PM +0200, Lars Schneider wrote:
> > * It is now possible to switch between Secure Channel and OpenSSL for
> > Git's HTTPS transport by setting the http.sslBackend config
> > variable to "openssl" or "schannel"; This is now also the method
> > used by the installer (rather than copying libcurl-4.dll files
> > around).
> Does anyone have a pros/cons list for this option? AFAIK OpenSSL is still
> the default in the GfW installer and I wonder why. My gut feeling would be to
> go with the SSL implementation shipped with the OS. However, I don't have
> knowledge of either implementation to make an assessment.
One fact which immediately comes to mind is that both frameworks use
different sets of certificates (schannel uses the system's one, and
OpenSSL uses what gets shipped with it). Another fact is that they
might have different sets or protocols implemented and/or enabled by
default. Hence switching schannel on for people who used OpenSSL might
break things for them.