Microsoft just published a patch on their SChannel component (KB 2992611 )
https://technet.microsoft.com/library/security/MS14-066 But with this fix, Web server IIS 7.5/8.0 on Windows server 2008R2 or Windows server 2012 did not accept download from curl + OpenSSL 1.0.0a / 1.0.0b ! If you compile curl with OpenSSL 1.0.0a or 1.0.0b, curl cannot download anything from IIS 7.5/8.0 webserver using https after patching ! OpenSSL 1.0.0c has no problem. But somes clients cannot be updated magically! Curl says: curl: (35) error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list I made a report here: http://www.winimage.com/demo_report_openssl_windows/ I hope Microsoft can (and will) update their fix to allow curl + openssl1.0.0(a or b) connect ! regards Gilles Vollant
