secur32: Take schannel backend capabilities into account when configuring enabled protocols.

dlls/secur32/schannel.c

@@ -237,7 +237,7 @@ static void read_config(void)
 
     RegCloseKey(protocols_key);
 
-    config_enabled_protocols = enabled;
+    config_enabled_protocols = enabled & schan_imp_enabled_protocols();
     config_default_disabled_protocols = default_disabled;
     config_read = TRUE;
 

dlls/secur32/schannel_gnutls.c

@@ -106,6 +106,12 @@ static ssize_t schan_push_adapter(gnutls_transport_ptr_t transport,
     return buff_len;
 }
 
+DWORD schan_imp_enabled_protocols(void)
+{
+    /* NOTE: No support for SSL 2.0 */
+    return SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT | SP_PROT_TLS1_1_CLIENT | SP_PROT_TLS1_2_CLIENT;
+}
+
 BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
 {
     gnutls_session_t *s = (gnutls_session_t*)session;

dlls/secur32/schannel_macosx.c

@@ -630,6 +630,11 @@ static OSStatus schan_push_adapter(SSLConnectionRef transport, const void *buff,
     return ret;
 }
 
+DWORD schan_imp_enabled_protocols(void)
+{
+    /* NOTE: No support for TLS 1.1 and TLS 1.2 */
+    return SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_TLS1_0_CLIENT;
+}
 
 BOOL schan_imp_create_session(schan_imp_session *session, schan_credentials *cred)
 {

dlls/secur32/secur32_priv.h

@@ -260,6 +260,7 @@ extern SECURITY_STATUS schan_imp_recv(schan_imp_session session, void *buffer,
                                       SIZE_T *length) DECLSPEC_HIDDEN;
 extern BOOL schan_imp_allocate_certificate_credentials(schan_credentials*) DECLSPEC_HIDDEN;
 extern void schan_imp_free_certificate_credentials(schan_credentials*) DECLSPEC_HIDDEN;
+extern DWORD schan_imp_enabled_protocols(void) DECLSPEC_HIDDEN;
 extern BOOL schan_imp_init(void) DECLSPEC_HIDDEN;
 extern void schan_imp_deinit(void) DECLSPEC_HIDDEN;