SslProtocols Enumeration
Specifies the versions of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols that are permitted for use by the SslStream class.
Namespace: System.Net.Security
Assembly: System.Net.Primitives (in System.Net.Primitives.dll)
Syntax
```csharp
public enum SslProtocols
```
Members
The SslProtocols enumeration defines the following members:
| Member | Description |
|---|---|
| Ssl2 | Specifies SSL 2.0. This value is not recommended for use. |
| Ssl3 | Specifies SSL 3.0. This value is not recommended for use. |
| Tls10 | Specifies TLS 1.0. |
| Tls11 | Specifies TLS 1.1. |
| Tls12 | Specifies TLS 1.2. |
| Tls13 | Specifies TLS 1.3. |
| Default | Specifies the default security protocol used by the operating system. This is usually TLS 1.2. |
| MonoTls10 | Specifies Mono's TLS 1.0. |
| MonoTls12 | Specifies Mono's TLS 1.2. |
Remarks
When you specify a value for the SslProtocols enumeration, you are setting the minimum protocol version that the SslStream will use. For example, if you set it to SslProtocols.Tls12, the stream will attempt to negotiate a connection using TLS 1.2. If a lower version is offered by the server, the connection will fail.
It is strongly recommended to use SslProtocols.Tls12 or SslProtocols.Tls13 for enhanced security. Older protocols like SSL 2.0 and SSL 3.0 are considered insecure and should be avoided.
The Default value is often the most appropriate choice, as it allows the system to automatically select the best available protocol supported by both the client and server, while adhering to the security policies of the operating system.
Note
The availability of specific TLS versions depends on the underlying operating system and the .NET runtime version being used.
Examples
Creating an SslStream with Tls12 enabled
```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication; // SslProtocols is defined in this namespace
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public class SslExample
{
    public static async Task ConnectSecurelyAsync(string host, int port)
    {
        using (TcpClient client = new TcpClient())
        {
            await client.ConnectAsync(host, port);
            using (SslStream sslStream = new SslStream(client.GetStream(), false))
            {
                // Authenticate as client; 'host' is the name checked against the server's certificate.
                // No validation callback is supplied, so the default certificate validation applies.
                // Arguments: no client certificates (null), TLS 1.2, revocation checking off (false).
                await sslStream.AuthenticateAsClientAsync(host, null, SslProtocols.Tls12, false);
                // Now sslStream is ready for secure communication
                Console.WriteLine("SSL connection established.");
                // ... send and receive data using sslStream ...
            }
        }
    }
}
```
Server-side example with Tls12
```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication; // SslProtocols is defined in this namespace
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public class SslServerExample
{
    public static async Task StartServerAsync(int port, X509Certificate2 serverCertificate)
    {
        TcpListener listener = new TcpListener(IPAddress.Any, port);
        listener.Start();
        Console.WriteLine($"Server started on port {port}. Waiting for connections...");
        while (true)
        {
            TcpClient client = await listener.AcceptTcpClientAsync();
            // Handle each connection on its own task so the accept loop is not blocked
            _ = Task.Run(() => HandleClientAsync(client, serverCertificate));
        }
    }

    private static async Task HandleClientAsync(TcpClient client, X509Certificate2 serverCertificate)
    {
        using (SslStream sslStream = new SslStream(client.GetStream(), false))
        {
            try
            {
                // Authenticate as server using the server certificate.
                // Arguments: no client certificate required (false), TLS 1.2,
                // revocation checking off (false).
                await sslStream.AuthenticateAsServerAsync(serverCertificate, false, SslProtocols.Tls12, false);
                // Now sslStream is ready for secure communication
                Console.WriteLine("Client connected and authenticated.");
                // ... read and write data using sslStream ...
            }
            catch (Exception ex)
            {
                // A failed handshake (for example, no protocol version in common) ends up here
                Console.WriteLine($"Authentication failed: {ex.Message}");
            }
        }
        client.Close();
    }
}
```
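Checking the negotiated protocol after the handshake

The Remarks recommend TLS 1.2 or TLS 1.3. The following added example (not part of the original page or the .NET documentation) enables only those two versions on a client and then verifies, from `SslStream.SslProtocol`, which version was actually negotiated. It assumes .NET Core 3.0 or later; `TlsPolicy`, `Allowed`, `EnablesDisallowed` and `ConnectAndReportAsync` are hypothetical names, and the TLS 1.2/1.3-only policy is an assumption of the example.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;

public static class TlsPolicy
{
    // Assumed policy for this example: only TLS 1.2 and TLS 1.3 are acceptable.
    // SslProtocols is a flags enumeration, so values combine with '|'.
    public const SslProtocols Allowed = SslProtocols.Tls12 | SslProtocols.Tls13;

    // True when 'value' has any protocol bit set outside the allowed set.
    // Works for a configured value and for the single negotiated value alike.
    public static bool EnablesDisallowed(SslProtocols value) =>
        (value & ~Allowed) != 0;

    // Connects, performs the handshake with only the allowed versions enabled,
    // and returns the version that was negotiated.
    public static async Task<SslProtocols> ConnectAndReportAsync(string host, int port)
    {
        using var client = new TcpClient();
        await client.ConnectAsync(host, port);
        using var ssl = new SslStream(client.GetStream(), leaveInnerStreamOpen: false);

        var options = new SslClientAuthenticationOptions
        {
            TargetHost = host,                       // name checked against the certificate
            EnabledSslProtocols = Allowed,           // versions this client will offer
            CertificateRevocationCheckMode = X509RevocationMode.Online
        };
        // Throws AuthenticationException if the handshake or validation fails.
        await ssl.AuthenticateAsClientAsync(options, CancellationToken.None);

        // Defence in depth: confirm the negotiated version is inside the policy
        // before any application data is sent, and log it for auditing.
        SslProtocols negotiated = ssl.SslProtocol;
        if (negotiated == 0 || EnablesDisallowed(negotiated))
            throw new AuthenticationException($"Negotiated {negotiated}, outside policy {Allowed}.");

        Console.WriteLine($"{host}:{port} negotiated {negotiated}");
        return negotiated;
    }
}
```

`EnablesDisallowed` can also be run over `SslProtocols` values read from application configuration, to flag settings that enable anything beyond the allowed set before a connection is ever made.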