From 92364dcee122daf9bfc36f0076e2f9d8adb4ddf5 Mon Sep 17 00:00:00 2001
From: Larry Osterman <LarryOsterman@users.noreply.github.com>
Date: Fri, 20 Oct 2023 11:39:09 -0700
Subject: [PATCH] Enable TLS 1.3 support (#5047)

* Enable TLS 1.3 support

* Updated error message
---
 .../azure-core/src/http/winhttp/win_http_transport.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/sdk/core/azure-core/src/http/winhttp/win_http_transport.cpp b/sdk/core/azure-core/src/http/winhttp/win_http_transport.cpp
index f45d7bf57..96d581fd4 100644
--- a/sdk/core/azure-core/src/http/winhttp/win_http_transport.cpp
+++ b/sdk/core/azure-core/src/http/winhttp/win_http_transport.cpp
@@ -1,6 +1,6 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
-// cspell:words HCERTIFICATECHAIN PCCERT CCERT HCERTCHAINENGINE HCERTSTORE
+// cspell:words HCERTIFICATECHAIN PCCERT CCERT HCERTCHAINENGINE HCERTSTORE lpsz REFERER
 
 #include "azure/core/base64.hpp"
 #include "azure/core/diagnostics/logger.hpp"
@@ -723,12 +723,16 @@ Azure::Core::_internal::UniqueHandle<HINTERNET> WinHttpTransport::CreateSessionH
       sizeof(tls_false_start));
 #endif
 
-  // Enforce TLS version 1.2
+  // Enforce TLS version 1.2 or 1.3 (if available).
+#if defined(WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3)
+  auto tlsOption = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_3;
+#else
   auto tlsOption = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2;
+#endif
   if (!WinHttpSetOption(
           sessionHandle.get(), WINHTTP_OPTION_SECURE_PROTOCOLS, &tlsOption, sizeof(tlsOption)))
   {
-    GetErrorAndThrow("Error while enforcing TLS 1.2 for connection request.");
+    GetErrorAndThrow("Error while enforcing TLS version for connection request.");
   }
 
   return sessionHandle;