Initiates the SSL/TLS handshake.
public override void NegotiateSsl(
System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate
)
System.Net.Security.SslStream.NegotiateSsl(serverCertificate)
| Name | Type | Description |
|---|---|---|
serverCertificate |
X509Certificate |
An X509Certificate object that represents the certificate to be used for authentication.
This parameter is required when the SslStream object is used in server mode.
If the stream is in client mode, this parameter must be null.
|
The NegotiateSsl method is called to perform the SSL/TLS handshake. This handshake establishes a secure connection between the client and the server. During the handshake, the client and server exchange security parameters, authenticate each other, and agree on the cryptographic algorithms to be used for encrypting and integrity-checking the data.
This method is typically called after the underlying stream has been connected but before any application data is sent or received.
For client-side connections, the serverCertificate parameter should be null, and the client will validate the server's certificate against the trusted certificate authorities.
For server-side connections, the serverCertificate parameter must be provided, containing the server's own certificate for authentication.
The actual SSL/TLS protocol version and cipher suites negotiated depend on the operating system's support and the available options on both the client and server.
The following C# code snippet demonstrates how to use the NegotiateSsl method on the server side.
using System;
using System.Net;
using System.Net.Sockets;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
public class SslServerExample
{
private static X509Certificate serverCertificate = null;
public static void StartServer(int port)
{
try
{
// Load the server's certificate (replace with your actual certificate path and password)
serverCertificate = new X509Certificate2("server.pfx", "your_password");
TcpListener listener = new TcpListener(IPAddress.Any, port);
listener.Start();
Console.WriteLine($"Server started on port {port}. Waiting for connections...");
while (true)
{
TcpClient client = listener.AcceptTcpClient();
Task.Run(() => HandleClient(client));
}
}
catch (Exception ex)
{
Console.WriteLine($"Server error: {ex.Message}");
}
}
private static void HandleClient(TcpClient tcpClient)
{
using (SslStream sslStream = new SslStream(tcpClient.GetStream(), false))
{
try
{
Console.WriteLine("Client connected. Performing SSL handshake...");
// Negotiate SSL/TLS connection with the client
sslStream.NegotiateSsl(serverCertificate); // Server mode
Console.WriteLine("SSL handshake successful.");
Console.WriteLine($"Cipher: {sslStream.CipherAlgorithm} Strength: {sslStream.CipherStrength}");
Console.WriteLine($"Hash: {sslStream.HashAlgorithm} Strength: {sslStream.HashStrength}");
Console.WriteLine($"Key Exchange: {sslStream.KeyExchangeAlgorithm} Strength: {sslStream.KeyExchangeStrength}");
// Read client data
byte[] buffer = new byte[2048];
int bytesRead = sslStream.Read(buffer, 0, buffer.Length);
string message = Encoding.UTF8.GetString(buffer, 0, bytesRead);
Console.WriteLine($"Received from client: {message}");
// Send a response back
byte[] responseBytes = Encoding.UTF8.GetBytes("Hello from the secure server!");
sslStream.Write(responseBytes);
Console.WriteLine("Sent response to client.");
sslStream.Close(); // Close the SSL stream
}
catch (Exception ex)
{
Console.WriteLine($"Client handler error: {ex.Message}");
}
finally
{
tcpClient.Close(); // Close the underlying TCP connection
}
}
}
// To run this example, you'd also need a client application
// and a server.pfx file with a valid certificate.
// public static void Main(string[] args)
// {
// StartServer(8080);
// }
}
| Assembly | DLL |
|---|---|
| System.dll | System.dll |