It sounded like windows allowed lynx to bypass because of the openssl it was using at compile time. I have a version from 2014 with 0.9.8 that can negotiate tls 1.0. If that utility cannot recognize old tls it might behave this way. Hard to imagine curl or wget using a different library though.
> On Jan 29, 2019, at 21:44, David Niklas <do...@mail.com> wrote: > > On Tue, 29 Jan 2019 16:29:23 +0100 > Gisle Vanem <gisle.va...@gmail.com> wrote: >> I just discovered the new features of Microsoft's >> "Windows Defender Advanced Threat Protection". >> >> Overview of all these features: >> https://demo.wd.microsoft.com/?ocid=cx-wddocs-testground >> >> After enabling the interesting feature, 'Network Protection' >> by: >> c:\> powershell Set-MpPreference -EnableNetworkProtection Enabled >> ref: https://demo.wd.microsoft.com/Page/NP >> >> Then trying to fetch the test-page using Chrome, curl an wget, I >> get a trace like this: >> c:\> wget https://smartscreentestratings2.net/ >> >> --2019-01-29 14:54:23-- https://smartscreentestratings2.net/ >> Resolving smartscreentestratings2.net >> (smartscreentestratings2.net)... 23.99.0.12 Connecting to >> smartscreentestratings2.net >> (smartscreentestratings2.net)|23.99.0.12|:443... connected. Unable to >> establish SSL connection. >> >> (and a WinDefender block warning window pops up). >> >> But using 'lynx -dump https://smartscreentestratings2.net/', I'm >> getting a seemingly valid connection and page is rendered as: >> SmartScreen Test >> >> This is a test page for SmartScreen. >> >> As if the 'Network Protection' was disabled. But I do get the >> same WinDefender block warning window in addition to the page >> >> What could cause the difference in behaviour? >> My Lynx used OpenSSL, so does my Wget and curl >> (with CURL_SSL_BACKEND=openssl) >> >> Scratching head now!? > > So let me get this straight... You're asking a bunch of opensource geeks > to explain a "Feature" of a black box environment that has been > purposefully created to "secure" said black box using an unknown and > apparently flawed method. > Would @CEO "fix" Windowz at our behest? (I'm pausing for the laughter at > the suggestion...) > > More seriously, this sounds like a Windowz bug. Without a gdb trace I > can't tell you where lynx succeeds but curl and wget fail. I'd guess that > there is a library in there someplace that lynx does not use but the > others do. > > Alternately, lynx might be used by the NSA for "special" purposes so lynx > has an exception to the rules and thus WE 0WN the Virtual-verse!!! > > Trying NOT to be less than useless, > David > > _______________________________________________ > Lynx-dev mailing list > Lynx-dev@nongnu.org > https://lists.nongnu.org/mailman/listinfo/lynx-dev _______________________________________________ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev