diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-10-29 15:15:51 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-10-29 21:09:26 +0200 |
commit | 203494e8761132334b366a38a1463992c8b1e8a1 (patch) | |
tree | 4e66cc7a6c11dc4a0d840263c201fbc419ded3ed /installer | |
parent | services: mark win7 code the same as elsewhere (diff) | |
download | wireguard-windows-203494e8761132334b366a38a1463992c8b1e8a1.tar.xz wireguard-windows-203494e8761132334b366a38a1463992c8b1e8a1.zip |
fetcher,winhttp: force TLS 1.2 on Win 8.0 and 7
On ancient Windows, we must opt-in to using TLS 1.2. Otherwise it only
allows for TLS 1.0. And of course there's no TLS 1.3 support there at
all.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'installer')
-rw-r--r-- | installer/fetcher/fetcher.c | 6 | ||||
-rw-r--r-- | installer/fetcher/systeminfo.c | 7 | ||||
-rw-r--r-- | installer/fetcher/systeminfo.h | 1 |
3 files changed, 14 insertions, 0 deletions
diff --git a/installer/fetcher/fetcher.c b/installer/fetcher/fetcher.c index 8253b16d..7392fb59 100644 --- a/installer/fetcher/fetcher.c +++ b/installer/fetcher/fetcher.c @@ -114,6 +114,12 @@ static DWORD __stdcall download_thread(void *param) if (!session) goto out; WinHttpSetOption(session, WINHTTP_OPTION_ENABLE_HTTP_PROTOCOL, &enable_http2, sizeof(enable_http2)); // Don't check return value, in case of old Windows + if (is_win8dotzero_or_below()) { + DWORD enable_tls12 = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2; + if (!WinHttpSetOption(session, WINHTTP_OPTION_SECURE_PROTOCOLS, &enable_tls12, sizeof(enable_tls12))) + goto out; + } + connection = WinHttpConnect(session, L(server), port, 0); if (!connection) goto out; diff --git a/installer/fetcher/systeminfo.c b/installer/fetcher/systeminfo.c index 0132196a..3753965e 100644 --- a/installer/fetcher/systeminfo.c +++ b/installer/fetcher/systeminfo.c @@ -65,3 +65,10 @@ bool is_win7(void) RtlGetNtVersionNumbers(&maj, &min, &build); return maj == 6 && min == 1; } + +bool is_win8dotzero_or_below(void) +{ + DWORD maj, min, build; + RtlGetNtVersionNumbers(&maj, &min, &build); + return maj == 6 && min <= 2; +} diff --git a/installer/fetcher/systeminfo.h b/installer/fetcher/systeminfo.h index 12c3444a..bcb2ab9e 100644 --- a/installer/fetcher/systeminfo.h +++ b/installer/fetcher/systeminfo.h @@ -11,5 +11,6 @@ const char *architecture(void); const char *useragent(void); bool is_win7(void); +bool is_win8dotzero_or_below(void); #endif |