SslStream, BEAST and TLS 1.1
With the recent advent of BEAST (exploits a vulnerability in SSL/T开发者_运维问答LS1.0 where the initial bytes of the payload are always the same) I looked into the SslStream
class to see if it supported TLS 1.1, TLS 1.2, etc. It only supports (SslProtocol
) SSL 2 and 3 (which both predate TLS) and TLS 1.0.
Given that SslProtocol
only advertises support for TLS 1.0 and below, is it at all possible to use SslStream
for TLS 1.1 and beyond?
Looks like an update is in order.
As of .NET 4.5, SslProtocol (and consequently SslStream) now supports TLS 1.1 and TLS 1.2.
These protocols are enabled by default in 4.6. For 4.5, you'll need to activate them in your SslStream
object by using the overloaded AuthenticateAsClient
call:
sslStream.AuthenticateAsClient(hostname, null, SslProtocols.Tls12 | SslProtocols.Tls11, true);
精彩评论