microsoft / cpprestsdk

The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.

Any plan to support TLS 1.3? #1548

Open SiyiJia opened 3 years ago

SiyiJia commented 3 years ago

I understand Casablanca has supported both TLS 1.1 and TLS 1.2 since version 2.10. As the code below shows, it enables TLS 1.1 and 1.2 via WINHTTP_OPTION_SECURE_PROTOCOLS.

#if (_WIN32_WINNT >= _WIN32_WINNT_VISTA) || defined(CPPREST_FORCE_HTTP_CLIENT_WINHTTPPAL)
            DWORD secure_protocols(WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 |
                                   WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2);
            if (!WinHttpSetOption(
                m_hSession, WINHTTP_OPTION_SECURE_PROTOCOLS, &secure_protocols, sizeof(secure_protocols)))
            {
                return GetLastError();
            }
#endif

My question is, does Casablanca plan to support TLS 1.3 on both Windows and Linux? Are there any suggestions if I want to enable TLS 1.3? I tried adding WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3 into the protocol list but failed to achieve it.

N3mes1s commented 3 years ago

Windows side: TLS 1.3 is not available in all Windows versions; to keep track, please refer to the link:

https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-

It seems that it was supported in Windows 10 20H1 for testing purposes only and disabled (?!) in Windows 10 20H2.

Anyway, the flag to enable TLS 1.3 is still not officially documented in the Windows API (https://docs.microsoft.com/en-us/windows/win32/winhttp/option-flags?redirectedfrom=MSDN), but it should be:

# define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3 0x00002000

Please mind that supporting TLS 1.3 is still not official.
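One way to request the TLS 1.3 flag discussed above while still working on systems that reject it, as an added example that is not code from cpprestsdk or from the commenters. The names `apply_tls_policy`, `set_protocols_fn`, `winhttp_set` and the two `fake_*` stand-ins are hypothetical; the mask deliberately leaves out the SSL 3.0, TLS 1.0 and TLS 1.1 flags, and the `ERROR_INVALID_PARAMETER` (87) rejection on an older OS is an assumption.

```c
#ifdef _WIN32
#include <windows.h>
#include <winhttp.h>
#endif
#include <stddef.h>
#include <stdint.h>

/* Fallback definitions for SDKs (or non-Windows builds) that lack them. */
#ifndef WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2
#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 0x00000800
#endif
#ifndef WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3
#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3 0x00002000 /* value quoted in the thread */
#endif

/* Hypothetical hook: applies a protocol mask, returns 0 or an error code. */
typedef uint32_t (*set_protocols_fn)(void *session, uint32_t mask);

/* Try the strongest mask first, then fall back to TLS 1.2 only.
   Returns the mask that was accepted, or 0 if every candidate failed;
   *last_error holds the error code of the final attempt. */
uint32_t apply_tls_policy(void *session, set_protocols_fn set, uint32_t *last_error)
{
    static const uint32_t candidates[] = {
        WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3,
        WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2, /* OS that rejects the 1.3 flag */
    };
    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; ++i) {
        *last_error = set(session, candidates[i]);
        if (*last_error == 0) return candidates[i];
    }
    return 0;
}

#ifdef _WIN32
/* Adapter around the same WinHttpSetOption call as the snippet in the thread. */
uint32_t winhttp_set(void *session, uint32_t mask)
{
    DWORD m = mask;
    return WinHttpSetOption((HINTERNET)session, WINHTTP_OPTION_SECURE_PROTOCOLS,
                            &m, sizeof m) ? 0 : GetLastError();
}
#endif

/* Constructed stand-ins: an OS that rejects the TLS 1.3 bit, and one that accepts it. */
uint32_t fake_old_os(void *s, uint32_t mask)
{
    (void)s;
    return (mask & WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3) ? 87u : 0u; /* 87 = ERROR_INVALID_PARAMETER */
}
uint32_t fake_new_os(void *s, uint32_t mask) { (void)s; (void)mask; return 0u; }
```

Logging the returned mask makes it visible when a host silently fell back to TLS 1.2 only.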

gvollant commented 3 years ago

See https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-server-2022

I tried modifying the curl Schannel code to download using TLS 1.3, without success (with Windows Server 2022 - 21H2 Build 20339.2 Windows Insider): https://github.com/curl/curl/discussions/6958

But under Windows 2022 - 21H2 I was able to get a TLS 1.3 response with a WinINet API (tested with https://tls13.akamai.io/).

Karteek649 commented 2 years ago

Microsoft Windows 11 / Windows 2k22 Server support TLS 1.3. Is there any plan to support TLS 1.3 now?

gvollant commented 2 years ago

Microsoft also works on QUIC: https://en.wikipedia.org/wiki/MsQuic https://github.com/microsoft/msquic