Hi Dan,
1 - We don't have any high level API for setting/configuring the TLS version to be used. One some of the platforms it is possible to set the TLS version used through our native handle API. Our http_client is powered by the following depending on the platform:
With IXmlHttpRequest I couldn't find a way to control the underlying TLS version so I don't think it is possible.
Recently in the development branch we implemented the set_nativehandle_options for non-Windows platforms. It now exposes one of the following types depending on if HTTPS is in use or not:
2 - Like with #1 we don't have any high level API for this, you can open a feature request if you'd like. In general it is possible to accomplish it yourself utilizing similar techniques mentioned for #1. Basically take a look at what the server certificate provided is and decide if it is what you expected.
3 - Client certificates can be set using the native handle API. For Windows store/phone I don't believe the current version of IXmlHttpRequest2 support client certificates, but it looks like IXmlHttpRequest3 does, so it could be updated.
4 - OpenSSL is only used with our http_client on non-Windows platforms. That said the code is cross platform so with some finagling you could try to reuse the Boost.Asio based implementation on Windows, however I'm sure it won't pass the banned APIs scan for the Windows store cert kit check.
Steve
1 - We don't have any high level API for setting/configuring the TLS version to be used. One some of the platforms it is possible to set the TLS version used through our native handle API. Our http_client is powered by the following depending on the platform:
Windows Desktop - WinHttp
Windows Store/Phone - IXmlHttpRequest2
non-Windows - Boost.Asio/OpenSSL
With IXmlHttpRequest I couldn't find a way to control the underlying TLS version so I don't think it is possible.
Recently in the development branch we implemented the set_nativehandle_options for non-Windows platforms. It now exposes one of the following types depending on if HTTPS is in use or not:
https - boost::asio::ssl::stream<boost::asio::ip::tcp::socket &> *
http - boost::asio::ip::tcp::socket *
2 - Like with #1 we don't have any high level API for this, you can open a feature request if you'd like. In general it is possible to accomplish it yourself utilizing similar techniques mentioned for #1. Basically take a look at what the server certificate provided is and decide if it is what you expected.
3 - Client certificates can be set using the native handle API. For Windows store/phone I don't believe the current version of IXmlHttpRequest2 support client certificates, but it looks like IXmlHttpRequest3 does, so it could be updated.
4 - OpenSSL is only used with our http_client on non-Windows platforms. That said the code is cross platform so with some finagling you could try to reuse the Boost.Asio based implementation on Windows, however I'm sure it won't pass the banned APIs scan for the Windows store cert kit check.
Steve
