From aebe28b8eb7a0047adb09367ac2ec49ac6d74857 Mon Sep 17 00:00:00 2001
From: Georg Richter <georg@mariadb.com>
Date: Sat, 7 Jun 2025 15:32:44 +0200
Subject: [PATCH] CONC-778: TLSv1.3 support for Windows Server 2022

Windows Server 2022 uses version number 10.0.20348, which is less than 10.0.22000.
Therefore, instead of checking for build numbers >= 22000 (which would exclude Server 2022),
we must check for build numbers >= 20348 to correctly include both Windows Server 2022
and Windows 11.

This is safe because TLSv1.3 was first supported in:
- Windows 11 (starting with build 22000)
- Windows Server 2022 (starting with build 20348)

Earlier versions did not support TLSv1.3:
- Windows 10 (up to build 19044)
- Windows Server 2019 (latest build 17763)
---
 libmariadb/secure/schannel.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libmariadb/secure/schannel.c b/libmariadb/secure/schannel.c
index d7dfac79..31806f24 100644
--- a/libmariadb/secure/schannel.c
+++ b/libmariadb/secure/schannel.c
@@ -458,7 +458,8 @@ static SECURITY_STATUS init_auth_data(MA_SCHANNEL_CREDENTIALS *ma_cred,
     ma_cred->use_old_cred_structure= TRUE;
   }
 
-  if (!os_version_greater_equal(10, 0, 22000))
+  /* CONC-778: Windows 11 starts with build 22000, Windows Server 2022 with 20348 */
+  if (!os_version_greater_equal(10, 0, 20348))
   {
     ma_cred->use_old_cred_structure= TRUE;
   }