Reputation: 21
I'm currently trying to implement a SOAP client under Windows in C++. Due to some technical requirements, the HTTP and communication layer have been implemented using the WinHTTP API. Everything seems to work OK but, as soon as TLS 1.1 or 1.2 is enabled, the software is unable to perform the SSL handshake. It just keeps sending TCP connection packets to the server.
I made several tests in order to find out what's happening and, so far, this is what I already know:
The software works as expected on Windows 10 Pro (no matter which TLS version is selected). That can't be said when the software is deployed on Windows 10 LTSB 2016 (1607).
Enabling TLS support as suggested here does not work.
The WinHTTP code can be found here. I only added this modification at lines 351-352:
DWORD dwOpt = WINHTTP_FLAG_SECURE_PROTOCOL_ALL | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2;
int res = WinHttpSetOption(pData->hInternet, WINHTTP_OPTION_SECURE_PROTOCOLS, &dwOpt, sizeof(dwOpt));
Thanks
Upvotes: 0
Views: 1171
Reputation: 21
I already found what was going on there. It turns out that the secure protocol flags do not behave the same way in Windows 10 Pro and Windows 10 2016 LTSB.
The code snippet included in the question works as expected under Windows 10 Pro but, in Windows 10 2016 LTSB, it must be:
DWORD dwOpt = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2;
int res = WinHttpSetOption(pData->hInternet, WINHTTP_OPTION_SECURE_PROTOCOLS, &dwOpt, sizeof(dwOpt));
I hope this helps anyone who is struggling with similar issues.
Upvotes: 1
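An added example, not code from either post: WINHTTP_FLAG_SECURE_PROTOCOL_ALL is defined in winhttp.h as SSL2 | SSL3 | TLS1, so the question's mask enables five protocol versions while the answer's enables two, and both snippets ignore the result of WinHttpSetOption. The helper names `describe_mask`, `strip_legacy` and `apply_protocols` are hypothetical, and the constants mirror the winhttp.h values so the mask logic also compiles off Windows.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <winhttp.h>  // link with winhttp.lib
#endif

// Mirrors of the WINHTTP_FLAG_SECURE_PROTOCOL_* values from winhttp.h.
constexpr uint32_t kSsl2  = 0x00000008;  // ..._SSL2
constexpr uint32_t kSsl3  = 0x00000020;  // ..._SSL3
constexpr uint32_t kTls10 = 0x00000080;  // ..._TLS1
constexpr uint32_t kTls11 = 0x00000200;  // ..._TLS1_1
constexpr uint32_t kTls12 = 0x00000800;  // ..._TLS1_2
constexpr uint32_t kAll   = kSsl2 | kSsl3 | kTls10;  // ..._ALL
constexpr uint32_t kLegacy = kSsl2 | kSsl3 | kTls10;

// Comma-separated list of the protocols a mask enables, for logging.
std::string describe_mask(uint32_t mask) {
    static const struct { uint32_t bit; const char* name; } kBits[] = {
        {kSsl2, "SSL2"}, {kSsl3, "SSL3"}, {kTls10, "TLS1.0"},
        {kTls11, "TLS1.1"}, {kTls12, "TLS1.2"}};
    std::string out;
    for (const auto& b : kBits)
        if (mask & b.bit) out += (out.empty() ? "" : ",") + std::string(b.name);
    return out;
}

// Remove SSL 2.0, SSL 3.0 and TLS 1.0 from a mask.
uint32_t strip_legacy(uint32_t mask) { return mask & ~kLegacy; }

#ifdef _WIN32
// Set the mask on the handle; returns 0, or the GetLastError() code on failure.
DWORD apply_protocols(HINTERNET h, uint32_t mask) {
    DWORD opt = mask;
    return WinHttpSetOption(h, WINHTTP_OPTION_SECURE_PROTOCOLS, &opt, sizeof(opt))
               ? 0 : GetLastError();
}
#endif

int main() {
    const uint32_t question = kAll | kTls11 | kTls12;  // mask from the question
    std::printf("question: %s\n", describe_mask(question).c_str());
    std::printf("stripped: %s\n", describe_mask(strip_legacy(question)).c_str());
    return 0;
}
```

Logging the decoded mask and the `apply_protocols` result before the first request makes a protocol-selection difference between Windows builds visible in the application log rather than only in a packet capture.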