Reworked TLS 1.3 change; add WS2019 test coverage (#5051)

* Reworked TLS 1.3 change; add WS2019 test coverage

* Enable static MSVC lib support on WS2019

* Fall back to TLS 1.2 if TLS 1.3 doesn't work

eng/pipelines/templates/stages/platform-matrix.json

@@ -29,7 +29,7 @@
       }
     },
     {
-      "StaticConfigs": { 
+      "StaticConfigs": {
         "Win2019_x64_Release": {
           "OSVmImage": "windows-2019",
           "Pool": "azsdk-pool-mms-win-2019-general",
@@ -38,12 +38,12 @@
           "VCPKG_DEFAULT_TRIPLET": "x64-windows-static",
           "BuildArgs": "--parallel 8 --config Release"
         }
-      }, 
+      },
       "BuildSettings": {
         "Curl": {
-          "CmakeArgs": " -DBUILD_TRANSPORT_CURL=ON"
+          "CmakeArgs": " -DBUILD_TRANSPORT_CURL=ON -DBUILD_TESTING=ON -DMSVC_USE_STATIC_CRT=ON "
         },
-        "WinHttp": { }
+        "WinHttp": { "CmakeArgs": " -DBUILD_TESTING=ON -DMSVC_USE_STATIC_CRT=ON " }
       }
     },
     {

sdk/core/azure-core/src/http/winhttp/win_http_transport.cpp

@@ -724,15 +724,24 @@ Azure::Core::_internal::UniqueHandle<HINTERNET> WinHttpTransport::CreateSessionH
 #endif
 
   // Enforce TLS version 1.2 or 1.3 (if available).
-#if defined(WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3)
-  auto tlsOption = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3;
-#else
   auto tlsOption = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2;
+#if defined(WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3)
+  tlsOption |= WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3;
 #endif
   if (!WinHttpSetOption(
           sessionHandle.get(), WINHTTP_OPTION_SECURE_PROTOCOLS, &tlsOption, sizeof(tlsOption)))
   {
-    GetErrorAndThrow("Error while enforcing TLS version for connection request.");
+#if defined(WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3)
+    // If TLS 1.3 is not available, try to set TLS 1.2 only.
+    tlsOption = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2;
+    if (!WinHttpSetOption(
+            sessionHandle.get(), WINHTTP_OPTION_SECURE_PROTOCOLS, &tlsOption, sizeof(tlsOption)))
+    {
+#endif
+      GetErrorAndThrow("Error while enforcing TLS version for connection request.");
+#if defined(WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3)
+    }
+#endif
   }
 
   return sessionHandle;