SslStream.Negotiation Property

System.Net.Security Namespace

Syntax

public SslProtocols Negotiation { get; }

Property Value

System.Net.Security.SslProtocols

One of the System.Net.Security.SslProtocols values that indicates the version of the SSL protocol used to secure the connection.

Remarks

The Negotiation property returns the version of the SSL or TLS protocol that was negotiated between the client and the server during the SSL handshake.

This property can be useful for logging or auditing purposes, to confirm which protocol version was actually established for a secure connection.

The SslProtocols enumeration includes values such as:

  • Ssl2
  • Ssl3
  • Tls10 (TLS 1.0)
  • Tls11 (TLS 1.1)
  • Tls12 (TLS 1.2)
  • Tls13 (TLS 1.3)
  • Default (uses the highest protocol version supported by the operating system)

You can use the value of this property to verify that the negotiated protocol meets your security requirements.

Note: It is recommended to use the highest available TLS protocol versions (e.g., TLS 1.2 or TLS 1.3) for improved security. Avoid using older protocols like SSLv2 and SSLv3, as they have known vulnerabilities.

Example

The following example demonstrates how to access the Negotiation property after establishing an SSL connection.

using System;
using System.Net.Sockets;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Text;

public class SslStreamExample
{
    public static void Main(string[] args)
    {
        // This is a simplified example for demonstration.
        // In a real-world scenario, you would typically establish a TcpClient
        // connection first and then wrap it with SslStream.

        try
        {
            // Imagine 'tcpClient' is an established TcpClient connection.
            // For brevity, we'll simulate a stream.
            // TcpClient tcpClient = new TcpClient("www.example.com", 443);
            // NetworkStream networkStream = tcpClient.GetStream();

            // Simulate a network stream for demonstration purposes
            MemoryStream simulatedStream = new MemoryStream();
            SslStream sslStream = new SslStream(simulatedStream, false);

            // In a real client scenario:
            // sslStream.AuthenticateAsClient("www.example.com", null, System.Security.Authentication.SslProtocols.Tls12, false);

            // Simulate a successful SSL negotiation that resulted in TLS 1.2
            // This is for illustrative purposes; actual negotiation happens dynamically.
            typeof(SslStream).GetField("_sslProtocols", System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.NonPublic)
                .SetValue(sslStream, System.Security.Authentication.SslProtocols.Tls12);
            typeof(SslStream).GetField("_negotiatedSslProtocols", System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.NonPublic)
                .SetValue(sslStream, System.Security.Authentication.SslProtocols.Tls12);


            // Now, you can access the negotiated protocol.
            SslProtocols negotiatedProtocol = sslStream.Negotiation;

            Console.WriteLine($"SSL/TLS negotiation successful. Negotiated protocol: {negotiatedProtocol}");

            // You can also check if it's a specific version
            if (negotiatedProtocol.HasFlag(SslProtocols.Tls12))
            {
                Console.WriteLine("TLS 1.2 was used.");
            }

            // Clean up
            sslStream.Close();
            // tcpClient.Close();
        }
        catch (Exception ex)
        {
            Console.WriteLine($"An error occurred: {ex.Message}");
        }
    }
}

Requirements

Assembly File
System.Net.dll System.dll