I found a thread from a few years ago that switching to Windows schannel was considered but not implemented due to lack of TLS 1.3. That has markedly changed in newer versions of Windows 10 and Windows 11. There are lots of benefits of moving to schannel:

  • Not having to manually update cacerts on a cadence
  • Leveraging built-in Windows certificate storage and protection. DPAPI is better protection for client certificates than a flat pem file on the disk.
  • Using schannel offers the ability to generate and store client certificates in hardware using Microsoft's CNG key storage providers (Smart Cards, TPMs, etc.)
  • OpenSSL continually has vulnerabilities and needs to be maintained by the application, independent of Windows' built-in Update mechanism that protects schannel.

We're up to OpenSSL 1.1.1t now. I think rather than moving to 3.0, may as well just switch to using schannel instead.