diff options
| -rw-r--r-- | src/transports/winhttp.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/transports/winhttp.c b/src/transports/winhttp.c index 07e8163e1..e52d54b6d 100644 --- a/src/transports/winhttp.c +++ b/src/transports/winhttp.c @@ -752,6 +752,10 @@ static int winhttp_connect( int error = -1; int default_timeout = TIMEOUT_INFINITE; int default_connect_timeout = DEFAULT_CONNECT_TIMEOUT; + DWORD protocols = + WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 | + WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 | + WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2; t->session = NULL; t->connection = NULL; @@ -794,6 +798,16 @@ static int winhttp_connect( goto on_error; } + /* + * Do a best-effort attempt to enable TLS 1.2 but allow this to + * fail; if TLS 1.2 support is not available for some reason, + * ignore the failure (it will keep the default protocols). + */ + WinHttpSetOption(t->session, + WINHTTP_OPTION_SECURE_PROTOCOLS, + &protocols, + sizeof(protocols)); + if (!WinHttpSetTimeouts(t->session, default_timeout, default_connect_timeout, default_timeout, default_timeout)) { giterr_set(GITERR_OS, "failed to set timeouts for WinHTTP"); goto on_error; |