EncryptionPolicyCollection Class
Represents a collection of security protocol types that the System.Net.Security.SslStream class can use to establish secure connections.
public sealed class EncryptionPolicyCollection : System.Collections.ICollection, System.Collections.IEnumerable, System.Collections.IList
Namespace:
Assembly:
System (in System.dll)
Syntax
public sealed class EncryptionPolicyCollection : System.Collections.ICollection, System.Collections.IEnumerable, System.Collections.IList
Remarks
The EncryptionPolicyCollection class is used to specify which security protocols can be negotiated when establishing an SSL/TLS connection using the SslStream class. By default, SslStream negotiates the highest possible protocol version supported by both the client and server. You can use an EncryptionPolicyCollection to restrict the allowed protocols.
This collection is typically used to enforce specific security requirements, such as disabling older, less secure protocols like SSL 3.0 or TLS 1.0, and only allowing modern protocols like TLS 1.2 or TLS 1.3.
Constructors
EncryptionPolicyCollection()
Initializes a new instance of the EncryptionPolicyCollection class.
public EncryptionPolicyCollection();
Properties
Count
Gets the number of elements contained in the EncryptionPolicyCollection.
int Count { get; }
IsFixedSize
Gets a value indicating whether the EncryptionPolicyCollection has a fixed size.
bool IsFixedSize { get; }
IsReadOnly
Gets a value indicating whether the EncryptionPolicyCollection is read-only.
bool IsReadOnly { get; }
IsSynchronized
Gets a value indicating whether access to the EncryptionPolicyCollection is synchronized (thread-safe).
bool IsSynchronized { get; }
Item
Gets or sets the element at the specified index.
object this[int index] { get; set; }
SyncRoot
Gets an object that can be used to synchronize access to the EncryptionPolicyCollection.
object SyncRoot { get; }
Methods
Add
Adds an element to the end of the EncryptionPolicyCollection.
int Add(object value);
Adds an element to the end of the EncryptionPolicyCollection.
void Add(System.Security.Authentication.SslProtocols sslProtocol);
Clear
Removes all elements from the EncryptionPolicyCollection.
void Clear();
Contains
Determines whether an element is in the EncryptionPolicyCollection.
bool Contains(object value);
Determines whether the specified SSL protocol type is in the EncryptionPolicyCollection.
bool Contains(System.Security.Authentication.SslProtocols sslProtocol);
CopyTo
Copies the entire EncryptionPolicyCollection to a compatible one-dimensional Array, starting at the specified index of the target array.
void CopyTo(System.Array array, int index);
GetEnumerator
Returns an enumerator that iterates through the EncryptionPolicyCollection.
System.Collections.IEnumerator GetEnumerator();
IndexOf
Returns the zero-based index of the first occurrence of a value in the EncryptionPolicyCollection.
int IndexOf(object value);
Returns the zero-based index of the first occurrence of the specified SSL protocol type in the EncryptionPolicyCollection.
int IndexOf(System.Security.Authentication.SslProtocols sslProtocol);
Insert
Inserts an element into the EncryptionPolicyCollection at the specified index.
void Insert(int index, object value);
Remove
Removes the first occurrence of a specific object from the EncryptionPolicyCollection.
void Remove(object value);
Removes the first occurrence of the specified SSL protocol type from the EncryptionPolicyCollection.
void Remove(System.Security.Authentication.SslProtocols sslProtocol);
RemoveAt
Removes the element at the specified index from the EncryptionPolicyCollection.
void RemoveAt(int index);
Example Usage
The following example shows how to create an EncryptionPolicyCollection and configure it to only allow TLS 1.2 and TLS 1.3 connections.
using System;
using System.Net.Security;
using System.Security.Authentication;

public class Example
{
    public static void Main(string[] args)
    {
        // Create a collection that allows only TLS 1.2 and TLS 1.3
        EncryptionPolicyCollection policyCollection = new EncryptionPolicyCollection();
        policyCollection.Add(SslProtocols.Tls12);
        policyCollection.Add(SslProtocols.Tls13); // Note: Tls13 might require specific OS/runtime support

        // In a real-world scenario, you would pass this collection or
        // configure the SslStream with specific protocols when establishing a connection.
        // For demonstration purposes, we'll just show the collection content.
        Console.WriteLine("Configured Encryption Policies:");
        foreach (var policy in policyCollection)
        {
            Console.WriteLine($"- {policy}");
        }

        // Example of how you might use it (conceptual, actual usage depends on SslStream constructor overload)
        // SslStream sslStream = new SslStream(
        //     innerStream,
        //     false,
        //     new RemoteCertificateValidationCallback(ValidateServerCertificate),
        //     null,
        //     policyCollection // This overload might not exist directly, configuration is usually implicit or via other settings
        // );

        // More typically, you might set the default allowed protocols at a higher level or configure specific cipher suites.
        // The direct use of EncryptionPolicyCollection might be less common than expected.
    }

    // Certificate validation callback referenced by the commented-out constructor call above
    public static bool ValidateServerCertificate(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate,
        System.Security.Cryptography.X509Certificates.X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // Accept the certificate only when the platform reported no chain or name-mismatch errors.
        // Returning true unconditionally would disable server authentication.
        return sslPolicyErrors == SslPolicyErrors.None;
    }
}
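Added example, not part of the original reference page: the protocol restriction described in Remarks, applied through the EnabledSslProtocols property of SslClientAuthenticationOptions and SslServerAuthenticationOptions rather than the EncryptionPolicyCollection type documented here. It assumes .NET 6 or later; the loopback server, the self-signed certificate and the helper names MakeTestCert and TryHandshakeAsync are constructed for the demonstration, and SslProtocols.Tls11 (flagged obsolete by current runtimes) appears only as the legacy client being refused.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

const SslProtocols Allowed = SslProtocols.Tls12 | SslProtocols.Tls13; // policy under test
Console.WriteLine($"TLS 1.2/1.3 client:  {await TryHandshakeAsync(Allowed)}");
Console.WriteLine($"TLS 1.1-only client: {(await TryHandshakeAsync(SslProtocols.Tls11))?.ToString() ?? "refused"}");

X509Certificate2 MakeTestCert() // constructed self-signed certificate, loopback test only
{
    using var rsa = RSA.Create(2048);
    var req = new CertificateRequest("CN=localhost", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    using var tmp = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddHours(1));
    return new X509Certificate2(tmp.Export(X509ContentType.Pfx)); // PFX round-trip keeps the key usable on Windows
}
// Handshake against a loopback server that enforces Allowed; null means the handshake was refused.
async Task<SslProtocols?> TryHandshakeAsync(SslProtocols clientProtocols)
{
    using var cert = MakeTestCert();
    var listener = new TcpListener(IPAddress.Loopback, 0);
    listener.Start();
    var server = Task.Run(async () =>
    {
        using var tcp = await listener.AcceptTcpClientAsync();
        using var serverSsl = new SslStream(tcp.GetStream());
        try { await serverSsl.AuthenticateAsServerAsync(new SslServerAuthenticationOptions { ServerCertificate = cert, EnabledSslProtocols = Allowed }); }
        catch (Exception ex) when (ex is AuthenticationException or IOException) { /* handshake refused */ }
    });
    try
    {
        using var client = new TcpClient();
        await client.ConnectAsync(IPAddress.Loopback, ((IPEndPoint)listener.LocalEndpoint).Port);
        using var clientSsl = new SslStream(client.GetStream());
        await clientSsl.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
        {
            TargetHost = "localhost", EnabledSslProtocols = clientProtocols,
            // Pin the constructed test certificate instead of returning true unconditionally.
            RemoteCertificateValidationCallback = (_, c, _, _) => c?.GetCertHashString() == cert.Thumbprint,
        });
        return clientSsl.SslProtocol; // the version actually negotiated
    }
    catch (Exception ex) when (ex is AuthenticationException or IOException) { return null; }
    finally { await server; listener.Stop(); }
}
```

The first line reports the negotiated version (Tls13 where the platform supports it, otherwise Tls12); the second reports "refused" because the server's allowed set has no overlap with what the client offers.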