.NET API | Microsoft Learn
Namespace: System.Net.Security
Assembly: System.Net.Security.dll
Represents a stream that performs authentication using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol over a stream.
This class provides the functionality to secure communication between two endpoints by encrypting and authenticating data exchanged between them.
The SslStream class allows you to wrap an existing stream (such as a NetworkStream) and add SSL/TLS security to it. This is commonly used for securing HTTP connections (HTTPS), FTP connections, and other network protocols.
To use SslStream, you typically:
1. Create the underlying stream (e.g., new NetworkStream(socket)).
2. Create an SslStream, passing the underlying stream and an SslContext (or SslClientAuthenticationOptions/SslServerAuthenticationOptions for .NET 5+).
3. Call AuthenticateAsClientAsync or AuthenticateAsServerAsync to establish the SSL/TLS connection.
4. Use the SslStream instance to read and write data, which will be automatically encrypted and decrypted.
It's important to manage the lifecycle of the underlying stream and the SslStream correctly to avoid resource leaks. Ensure that both streams are disposed of when they are no longer needed.
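The usage steps above as an added example (not code from the original page): a loopback client and server in one program, where the client configures SslClientAuthenticationOptions and accepts the server only if its certificate matches a pinned SHA-256 hash. It assumes .NET 6 or later with top-level statements; the self-signed certificate, the port selection and the "ping" message are constructed for the demonstration.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

// Constructed test identity: a throwaway self-signed certificate for "localhost".
using var rsa = RSA.Create(2048);
var req = new CertificateRequest("CN=localhost", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using var ephemeral = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddHours(1));
// PFX round-trip so the private key is also usable by SslStream on Windows.
using var serverCert = new X509Certificate2(ephemeral.Export(X509ContentType.Pfx));
string pinned = serverCert.GetCertHashString(HashAlgorithmName.SHA256);

var listener = new TcpListener(IPAddress.Loopback, 0); // port 0: OS picks a free port
listener.Start();
Task server = Task.Run(async () =>
{
    using TcpClient peer = await listener.AcceptTcpClientAsync();
    await using var tls = new SslStream(peer.GetStream(), leaveInnerStreamOpen: false);
    await tls.AuthenticateAsServerAsync(serverCert);
    var buf = new byte[64];
    int n = await tls.ReadAsync(buf, 0, buf.Length);
    await tls.WriteAsync(buf, 0, n); // echo the decrypted bytes back
});

using var client = new TcpClient();
await client.ConnectAsync(IPAddress.Loopback, ((IPEndPoint)listener.LocalEndpoint).Port);
await using var ssl = new SslStream(client.GetStream(), leaveInnerStreamOpen: false);
await ssl.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
{
    TargetHost = "localhost",
    EnabledSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13,
    // Self-signed, so chain validation reports errors; accept only the pinned certificate.
    RemoteCertificateValidationCallback = (_, cert, _, _) =>
        cert is not null && cert.GetCertHashString(HashAlgorithmName.SHA256) == pinned,
});
byte[] msg = Encoding.UTF8.GetBytes("ping");
await ssl.WriteAsync(msg, 0, msg.Length);
var reply = new byte[64];
int got = await ssl.ReadAsync(reply, 0, reply.Length);
Console.WriteLine($"authenticated={ssl.IsAuthenticated} encrypted={ssl.IsEncrypted} " +
                  $"protocol={ssl.SslProtocol} echo={Encoding.UTF8.GetString(reply, 0, got)}");
await server;
listener.Stop();
```

Against a server with a certificate issued by a trusted CA, the validation callback would normally be omitted so that the default chain and host-name checks apply; pinning is used here only because the test certificate is self-signed. On .NET 9 and later the X509Certificate2(byte[]) constructor compiles with an obsoletion warning.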
Inheritance: System.Object -> System.IO.Stream -> System.Net.Security.SslStream
The SslStream class has several constructors:
SslStream(Stream innerStream)
Initializes a new instance of the SslStream class using the specified inner stream.
SslStream(Stream innerStream, bool leaveInnerStreamOpen)
Initializes a new instance of the SslStream class using the specified inner stream and a value that indicates whether the inner stream should be left open after the SslStream is disposed of.
SslStream(Stream innerStream, bool leaveInnerStreamOpen, System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate)
Initializes a new instance of the SslStream class using the specified inner stream, a value that indicates whether the inner stream should be left open after the SslStream is disposed of, and the server certificate.
For .NET 5 and later, you should use SslClientAuthenticationOptions and SslServerAuthenticationOptions for configuring client and server authentication respectively, in conjunction with the appropriate constructors.
The SslStream class provides a rich set of methods for managing secure communication:
AuthenticateAsClientAsync(string targetHost)
AuthenticateAsClientAsync(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
AuthenticateAsServerAsync(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate)
AuthenticateAsServerAsync(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, bool clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
ReadAsync(byte[] buffer, int offset, int count)
WriteAsync(byte[] buffer, int offset, int count)
Dispose()
Stream class and optionally releases the unmanaged resources used by the inner stream.
The SslStream class exposes several properties:
CanRead: Gets a value indicating whether the stream supports reading.
CanWrite: Gets a value indicating whether the stream supports writing.
CanSeek: Gets a value indicating whether the stream supports seeking (typically false for network streams).
IsAuthenticated: Gets a value indicating whether the stream has been successfully authenticated.
IsMutuallyAuthenticated: Gets a value indicating whether both the client and server have authenticated each other.
IsEncrypted: Gets a value indicating whether the stream is encrypted.
LocalCertificate: Gets the local certificate used for authentication.
RemoteCertificate: Gets the remote certificate used for authentication.
The SslStream class does not expose any public events.
When using SslStream, it is crucial to:
SslStream and underlying streams.