SslProtocolVersion Enum
public enum SslProtocolVersion
Specifies the SSL/TLS protocol versions that can be used by the SslStream class.
Members
| Member Name | Description |
|---|---|
| Default | Specifies that the default protocol version is used. This is equivalent to Tls12 on modern systems. |
| Ssl2 | Specifies that the SSL 2.0 protocol is used. Note: This protocol is deprecated and should not be used. |
| Ssl3 | Specifies that the SSL 3.0 protocol is used. Note: This protocol is deprecated and should not be used. |
| Tls10 | Specifies that the TLS 1.0 protocol is used. Note: This protocol is deprecated and should not be used. |
| Tls11 | Specifies that the TLS 1.1 protocol is used. Note: This protocol is deprecated and should not be used. |
| Tls12 | Specifies that the TLS 1.2 protocol is used. This is the recommended minimum for most applications. |
| Tls13 | Specifies that the TLS 1.3 protocol is used. This is the latest and most secure version. |
Remarks
The SslProtocolVersion enumeration is used to configure the specific SSL or TLS protocol version that an SslStream instance will use for communication. When creating an SslStream, you can specify the desired protocol version to ensure compatibility or enforce security standards.
For enhanced security, it is strongly recommended to use Tls12 or Tls13. Older protocols like SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 have known vulnerabilities and should be avoided whenever possible.
Important
Using outdated SSL/TLS protocols can expose your application to significant security risks, including man-in-the-middle attacks and data interception. Always prioritize the use of modern, secure protocols.
Example
The following example demonstrates how to create an SslStream and explicitly set the protocol version to TLS 1.2.
```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

public class Example
{
    public static void Main(string[] args)
    {
        try
        {
            // Open the TCP connection; the TLS handshake happens in AuthenticateAsClient.
            // The using statements dispose both objects even if the handshake throws.
            using (TcpClient client = new TcpClient("example.com", 443))
            using (SslStream sslStream = new SslStream(
                client.GetStream(),
                false,
                new RemoteCertificateValidationCallback(ValidateServerCertificate),
                null))
            {
                // Authenticate as a client using the specified protocol version
                sslStream.AuthenticateAsClient("example.com", null, SslProtocolVersion.Tls12, false);
                Console.WriteLine("Authentication successful using TLS 1.2.");

                // You can now use sslStream for secure communication
                // ...
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine($"An error occurred: {ex.Message}");
        }
    }

    public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // In a real application, you would implement robust certificate validation logic.
        // For this example, we accept only certificates that produced no policy errors.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        Console.WriteLine($"Certificate error: {sslPolicyErrors}");

        // Do not return true for invalid certificates in production environments.
        return false;
    }
}
```
Tip
The Default value for SslProtocolVersion is dynamic and adapts to the operating system's default secure protocol settings. It is generally recommended to explicitly specify Tls12 or Tls13 for predictable behavior and enhanced security.
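To apply the guidance in the Remarks and the Tip across a code base, the following added example (an audit script written for this page, not part of the documented library) scans C# source text for references to the members marked deprecated above and for Default. The function names, severity labels, and sample input are assumptions constructed for illustration.

```python
import re

# Members the table marks as deprecated, plus Default, which the Tip
# recommends replacing with an explicit Tls12 or Tls13.
DEPRECATED = {"Ssl2", "Ssl3", "Tls10", "Tls11"}
IMPLICIT = {"Default"}
MEMBER_RE = re.compile(r"\bSslProtocolVersion\.(\w+)")

def strip_line_comment(line):
    """Drop a trailing // comment, ignoring // inside ordinary string literals.
    Block comments and verbatim strings are not handled."""
    in_string = False
    i = 0
    while i < len(line):
        ch = line[i]
        if in_string:
            if ch == "\\":
                i += 1              # skip the escaped character
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif line.startswith("//", i):
            return line[:i]
        i += 1
    return line

def audit(source):
    """Return (line_number, member, severity) for each risky reference."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for match in MEMBER_RE.finditer(strip_line_comment(line)):
            member = match.group(1)
            if member in DEPRECATED:
                findings.append((number, member, "deprecated"))
            elif member in IMPLICIT:
                findings.append((number, member, "implicit"))
    return findings

# Constructed sample input, not taken from any real code base.
SAMPLE = '''\
stream.AuthenticateAsClient(host, null, SslProtocolVersion.Tls12, false);
stream.AuthenticateAsClient(host, null, SslProtocolVersion.Tls10, false);
// legacy: SslProtocolVersion.Ssl3 was used here before the upgrade
var url = "http://x"; var p = SslProtocolVersion.Default;
'''

if __name__ == "__main__":
    for number, member, severity in audit(SAMPLE):
        print(f"line {number}: SslProtocolVersion.{member} ({severity})")
```
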
Requirements
| Assembly | Package |
|---|---|
| System.Net.Primitives.dll | (NuGet Package) |