Schannel: TLS1.3 support

It's not possible to connect to microsoft.com with Schannel TLS 1.3 for
some reason (also tested with Internet Explorer), but other sites work
fine. Must be something they have to iron out for later.

In my experience this needs a preview release of Windows. One of my
machines is opted into the dev channel of Windows where they enabled TLS
1.3 by default, and it works well in my tests except for the part above.
On my other machine, after enabling TLS 1.3 through the registry, I fail
to complete the handshake with any site. So around March/April next year
is when this code would activate for most people.

MinGW apparently defines NTDDI_VERSION as the one for Windows Server
2003, so it currently doesn't build the new TLS 1.3 code. In Qt (as a
project) we could consider setting this higher, but that's out of scope
for this patch!

Fixes: QTBUG-81294
Change-Id: If329959c3a30ecbfbb8c0d335cc39ccb6d012890
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>

1 files changed, 3 insertions, 0 deletions

diff --git a/src/network/ssl/qsslsocket_schannel_p.h b/src/network/ssl/qsslsocket_schannel_p.h
index fe29dadec0..57c8c75629 100644
--- a/src/network/ssl/qsslsocket_schannel_p.h
+++ b/src/network/ssl/qsslsocket_schannel_p.h
@@ -58,8 +58,11 @@ QT_REQUIRE_CONFIG(schannel);
 #include "qsslsocket_p.h"
 
 #define SECURITY_WIN32
+#define SCHANNEL_USE_BLACKLISTS 1
+#include <Winternl.h> // needed for UNICODE defines
 #include <security.h>
 #include <schnlsp.h>
+#undef SCHANNEL_USE_BLACKLISTS
 #undef SECURITY_WIN32
 
 QT_BEGIN_NAMESPACE