System.Net.SecurityProtocolType - MSDN Documentation

SecurityProtocolType Enumeration

Defines the protocols that support Secure Sockets Layer (SSL) and Transport Layer Security (TLS) for the System.Net.Security.SslStream class.

Note: As of .NET Framework 4.7, the default security protocols used by many System.Net classes are negotiated by the operating system. For more information, see Security Features of .NET Framework 4.7.

Warning: We strongly recommend that you use the latest TLS protocol version supported by the client and server. In general, this is TLS 1.2. Do not use SSL 3.0 or TLS 1.0, as they have known security vulnerabilities.

Syntax

public enum SecurityProtocolType

Members

System.Net.SecurityProtocolType.SSLv2 Specifies the SSL 2.0 protocol.

System.Net.SecurityProtocolType.SSLv3 Specifies the SSL 3.0 protocol.

System.Net.SecurityProtocolType.Tls Specifies the TLS 1.0 protocol.

System.Net.SecurityProtocolType.Tls11 Specifies the TLS 1.1 protocol.

System.Net.SecurityProtocolType.Tls12 Specifies the TLS 1.2 protocol.

System.Net.SecurityProtocolType.Tls13 Specifies the TLS 1.3 protocol.

System.Net.SecurityProtocolType.Default Specifies the default security protocols. This value is equivalent to TLS 1.2.

Remarks

The SecurityProtocolType enumeration provides a set of constants that you can use to specify the protocol that the System.Net.Security.SslStream class uses to secure a stream. You can use the bitwise OR operator (|) to combine multiple protocol types if the application supports them.

In .NET Framework 4.5 and later, the Default value is recommended as it allows the system to choose the best available protocol. For applications targeting older versions of .NET Framework or for specific security requirements, you might need to explicitly set the protocol.

When using ServicePointManager.SecurityProtocol, you can set it to a single protocol type or a combination of protocol types. For example, to allow both TLS 1.2 and TLS 1.3:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls13;

Examples

The following example demonstrates how to set the default security protocol to TLS 1.2 for all HttpClient requests.

using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

public class Example
{
    public static async Task MakeSecureRequestAsync()
    {
        // Set the default security protocol to TLS 1.2
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        using (HttpClient client = new HttpClient())
        {
            try
            {
                string url = "https://www.example.com";
                HttpResponseMessage response = await client.GetAsync(url);
                response.EnsureSuccessStatusCode();
                string responseBody = await response.Content.ReadAsStringAsync();
                Console.WriteLine($"Response from {url}:");
                Console.WriteLine(responseBody.Substring(0, Math.Min(responseBody.Length, 200)) + "...");
            }
            catch (HttpRequestException e)
            {
                Console.WriteLine($"Request error: {e.Message}");
            }
        }
    }

    public static void Main(string[] args)
    {
        MakeSecureRequestAsync().Wait();
    }
}

Requirements

API supported in	.NET	.NET Framework
`SecurityProtocolType`	All .NET versions	4.0 and later