开发者

SslStream, BEAST and TLS 1.1

With the recent advent of BEAST (exploits a vulnerability in SSL/T开发者_运维问答LS1.0 where the initial bytes of the payload are always the same) I looked into the SslStream class to see if it supported TLS 1.1, TLS 1.2, etc. It only supports (SslProtocol) SSL 2 and 3 (which both predate TLS) and TLS 1.0.

Given that SslProtocol only advertises support for TLS 1.0 and below, is it at all possible to use SslStream for TLS 1.1 and beyond?


Looks like an update is in order.

As of .NET 4.5, SslProtocol (and consequently SslStream) now supports TLS 1.1 and TLS 1.2.

These protocols are enabled by default in 4.6. For 4.5, you'll need to activate them in your SslStream object by using the overloaded AuthenticateAsClient call:

sslStream.AuthenticateAsClient(hostname, null, SslProtocols.Tls12 | SslProtocols.Tls11, true);
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜