Libssh2 lets us choose between multiple different crypto backends. On Windows, an attractive option is to use the WinCNG backend. CNG is part of the operating system, it’s maintained by Microsoft and serviced by Windows update, and reusing OS functionality helps us keep our binaries small. However, the WinCNG backend used to have a significant limitation: it lacked support for ECDSA. Given the widespread use of ECDSA for host and user authentication, this limitation often made OpenSSL a mor...
