SslProtocolVersion Enum
Assembly: System (in System.dll)
Specifies the SSL protocol versions that the client and server can use for secure communication.
Syntax
public enum SslProtocolVersion
Members
| Member | Description |
|---|---|
| Ssl3 | Specifies the SSL 3.0 protocol. |
| Tls10 | Specifies the Transport Layer Security (TLS) 1.0 protocol. |
| Tls11 | Specifies the Transport Layer Security (TLS) 1.1 protocol. |
| Tls12 | Specifies the Transport Layer Security (TLS) 1.2 protocol. |
| Tls13 | Specifies the Transport Layer Security (TLS) 1.3 protocol. |
| Default | Specifies the default SSL protocol version. The operating system determines the default. |
Remarks
The SslProtocolVersion enumeration is used to specify the SSL/TLS protocol versions that can be negotiated for a secure connection. When you configure an SslStream or HttpClient, you can set the SslProtocolType property to one or more of these values to indicate the allowed protocols. For example, you might specify that only TLS 1.2 and TLS 1.3 are permitted for enhanced security.
The Default value relies on the operating system's default settings, which can vary. It's generally recommended to explicitly specify the desired protocol versions for consistent behavior and security.
Examples
Specifying Allowed SSL/TLS Protocols for SslStream
The following code example demonstrates how to specify a set of allowed SSL/TLS protocols when creating an SslStream.
```csharp
using System;
using System.Net.Security;
using System.Security.Authentication;
using System.Net.Sockets;

// ...

public void ConfigureSslStream()
{
    TcpClient client = new TcpClient("example.com", 443);
    SslStream sslStream = new SslStream(
        client.GetStream(),
        false,
        new RemoteCertificateValidationCallback(ValidateServerCertificate),
        null);

    try
    {
        // Allow only TLS 1.2 and TLS 1.3 for enhanced security
        SslProtocolVersion allowedProtocols = SslProtocolVersion.Tls12 | SslProtocolVersion.Tls13;

        // null: no client certificates are sent; false: certificate revocation is not checked
        sslStream.AuthenticateAsClient("example.com", null, allowedProtocols, false);
        Console.WriteLine("SSL authentication succeeded.");
        // Proceed with secure communication
    }
    catch (AuthenticationException e)
    {
        Console.WriteLine("Authentication failed: {0}", e.Message);
        // Handle authentication failure
    }
    catch (Exception e)
    {
        Console.WriteLine("An error occurred: {0}", e.Message);
        // Handle other exceptions
    }
    finally
    {
        if (sslStream != null)
            sslStream.Close();
        if (client != null)
            client.Close();
    }
}

public bool ValidateServerCertificate(
    object sender,
    System.Security.Cryptography.X509Certificates.X509Certificate certificate,
    System.Security.Cryptography.X509Certificates.X509Chain chain,
    SslPolicyErrors sslPolicyErrors)
{
    // Accept the certificate only when the platform reported no policy errors.
    // Any reported error (chain, name mismatch, missing certificate) rejects the connection.
    if (sslPolicyErrors == SslPolicyErrors.None)
        return true;

    Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
    return false;
}
```