Starting with curl 8.20.0, NTLM authentication and SMB support are being made opt-in rather than enabled by default. NTLM is a proprietary Microsoft protocol with significant drawbacks: it authenticates connections rather than requests (breaking HTTP paradigm), is incompatible with HTTP/2 and HTTP/3, uses weak cryptography (DES and MD5), and has been linked to seven past security vulnerabilities in curl. SMBv1, which depends on NTLM, is similarly being opt-in due to its weak security and low usage. Neither protocol is removed yet, but this is described as a first step toward eventual removal. Microsoft has already deprecated NTLM themselves.
Sort: