SslStream, BEAST and TLS 1.1

With the recent advent of BEAST (exploits a vulnerability in SSL/T开发者_运维问答LS1.0 where the initial bytes of the payload are always the same) I looked into the SslStream class to see if it supported TLS 1.1, TLS 1.2, etc. It only supports (SslProtocol) SSL 2 and 3 (which both predate TLS) and TLS 1.0.

Given that SslProtocol only advertises support for TLS 1.0 and below, is it at all possible to use SslStream for TLS 1.1 and beyond?

Looks like an update is in order.

As of .NET 4.5, SslProtocol (and consequently SslStream) now supports TLS 1.1 and TLS 1.2.

These protocols are enabled by default in 4.6. For 4.5, you'll need to activate them in your SslStream object by using the overloaded AuthenticateAsClient call:

sslStream.AuthenticateAsClient(hostname, null, SslProtocols.Tls12 | SslProtocols.Tls11, true);