From 6332f65714d14b3f19662fd0607c7b59af400b9b Mon Sep 17 00:00:00 2001
From: Jay Satiro <raysatiro@yahoo.com>
Date: Tue, 18 Aug 2020 03:24:38 -0400
Subject: [PATCH] KNOWN_BUGS: Schannel TLS 1.2 handshake bug in old Windows
 versions

Reported-by: plujon@users.noreply.github.com

Closes https://github.com/curl/curl/issues/5488
---
 docs/KNOWN_BUGS | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS
index 583995cac..e35172daf 100644
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -32,6 +32,7 @@ problems may have been fixed or changed somewhat since this was written!
  2.8 Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname
  2.9 TLS session cache doesn't work with TFO
  2.10 Store TLS context per transfer instead of per connection
+ 2.11 Schannel TLS 1.2 handshake bug in old Windows versions
 
  3. Email protocols
  3.1 IMAP SEARCH ALL truncated response
@@ -276,6 +277,14 @@ problems may have been fixed or changed somewhat since this was written!
 
  https://github.com/curl/curl/issues/5102
 
+2.11 Schannel TLS 1.2 handshake bug in old Windows versions
+
+ In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake
+ implementation likely has a bug that can rarely cause the key exchange to
+ fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED.
+
+ https://github.com/curl/curl/issues/5488
+
 3. Email protocols
 
 3.1 IMAP SEARCH ALL truncated response