C Driver / CDRIVER-4530

Support Non-RSA Certificates for TLS on Windows

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: tls

      The C Driver's current implementation of SSL/TLS connections on Windows (aka "winssl") uses the Secure Channel library. Specifically, the implementation primarily uses utilities provided by wincrypt.h (aka "CryptoAPI").

      However, in addition to being deprecated in favor of the newer Cryptography API: Next Generation (aka "CNG") utilities, the CryptoAPI utilities do not support elliptic curve cryptography. This blocked an attempt to update test certificates from RSA to ECC to address the removal of insecure ciphers in Python 3.10 (see CDRIVER-4519).

      The C Driver's implementation of TLS connection handlers on Windows must be refactored to use utilities provided by bcrypt.h and/or ncrypt.h in order to support certificates using non-RSA signature algorithms.
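      The RSA versus elliptic-curve distinction described above can be checked on a certificate's key material before it reaches an RSA-only import path. The following is an added example, not code from the C Driver: it classifies a DER-encoded SubjectPublicKeyInfo by the OID in its AlgorithmIdentifier. The names `spki_key_alg` and `der_tlv` are hypothetical, and the sample byte arrays are constructed (real algorithm identifiers, dummy key bits).

```c
#include <stdio.h>
#include <string.h>

typedef enum { KEY_MALFORMED, KEY_UNKNOWN, KEY_RSA, KEY_EC } key_alg_t;

/* Constructed SubjectPublicKeyInfo samples: real AlgorithmIdentifiers, dummy key bits. */
const unsigned char SAMPLE_RSA_SPKI[] = { 0x30,0x14, 0x30,0x0D, 0x06,0x09,
    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, 0x05,0x00, 0x03,0x03,0x00,0xAB,0xCD };
const unsigned char SAMPLE_EC_SPKI[] = { 0x30,0x1A, 0x30,0x13, 0x06,0x07,
    0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, 0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,
    0x03,0x03,0x00,0x04,0x01 };

/* Read one DER header with the expected tag; on success *p points at the value. */
static int der_tlv(const unsigned char **p, const unsigned char *end,
                   unsigned char tag, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2 || q[0] != tag) return 0;
    size_t n = q[1];
    q += 2;
    if (n & 0x80) {                      /* long form: low 7 bits = number of length bytes */
        size_t nbytes = n & 0x7F;
        if (nbytes == 0 || nbytes > 2 || (size_t)(end - q) < nbytes) return 0;
        for (n = 0; nbytes > 0; nbytes--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return 0; /* declared length must fit in the buffer */
    *p = q;
    *len = n;
    return 1;
}

/* Classify a DER SubjectPublicKeyInfo by the OID in its AlgorithmIdentifier. */
key_alg_t spki_key_alg(const unsigned char *der, size_t der_len)
{
    static const unsigned char RSA[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01};
    static const unsigned char EC[]  = {0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01};
    const unsigned char *p = der, *end = der + der_len;
    size_t len;
    if (!der_tlv(&p, end, 0x30, &len)) return KEY_MALFORMED; /* SubjectPublicKeyInfo */
    end = p + len;
    if (!der_tlv(&p, end, 0x30, &len)) return KEY_MALFORMED; /* AlgorithmIdentifier */
    end = p + len;
    if (!der_tlv(&p, end, 0x06, &len)) return KEY_MALFORMED; /* algorithm OID */
    if (len == sizeof RSA && memcmp(p, RSA, len) == 0) return KEY_RSA; /* rsaEncryption */
    if (len == sizeof EC && memcmp(p, EC, len) == 0) return KEY_EC;    /* id-ecPublicKey */
    return KEY_UNKNOWN;
}

int main(void) { printf("rsa=%d ec=%d\n", spki_key_alg(SAMPLE_RSA_SPKI, sizeof SAMPLE_RSA_SPKI),
                        spki_key_alg(SAMPLE_EC_SPKI, sizeof SAMPLE_EC_SPKI)); return 0; }
```

      A `KEY_EC` or `KEY_UNKNOWN` result marks a key that an RSA-only loader cannot be expected to import.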

            Assignee: Unassigned
            Reporter: Ezra Chung (ezra.chung@mongodb.com)
            Votes: 0
            Watchers: 2
