Starting with curl 8.20.0, NTLM authentication and SMBv1 protocol support will be opt-in rather than enabled by default. This change addresses long-standing security concerns, as NTLM has been linked to multiple vulnerabilities, uses weak cryptography, and is incompatible with modern HTTP/2/3. The move follows Microsoft's own deprecation of NTLM and reflects a broader industry shift away from these legacy protocols.
Background
cURL is a widely used command-line tool and library for transferring data with URLs, supporting numerous protocols including HTTP, FTP, and SMB. NTLM is a proprietary Microsoft authentication protocol that has long been criticized for security weaknesses and design flaws.
- Source
- Lobsters
- Published
- Mar 22, 2026 at 11:09 PM
- Score
- 7.0 / 10