Switch the default builds to use -schannel configure flag, instead of relying on openssl.
This would allow users of the default Qt builds that need basic SSL/TLS functionality - like Qt Creator - to not ship OpenSSL libraries.
This would have following advantages
- Less issues with packaging
- Less need to follow up upstream releases for security issues
- No need to separately declare OpenSSL in export classification documents etc
Anyhow, there are also some loss in functionality (quoting from https://bugreports.qt.io/browse/QTBUG-62637?focusedCommentId=471900):
- PSK support is not available (documentation from Microsoft is lacking and it seems to be a binary choice (i.e. you either have to use PSK for the connection or PSK is completely unavailable)).
- TLS 1.3 is not available (there's an enum value for it, but it errors out if you use it).
- ALPN / HTTP2 is only available for windows 8.1 and up but not available if you compile with MinGW because it doesn't have all the necessary things available.
- DTLS support is not implemented (can be done, but hasn't been a priority outside of having it work for openssl)
- Specifying ciphers is not available.
- this issue