SocketSslErrorSeverity enumeration

Applies to Windows and Windows Phone

The category of error that occurs on an SSL connection.

Syntax


var value = Windows.Networking.Sockets.SocketSslErrorSeverity.none;

Attributes

[Version(0x06030000)]

Members

The SocketSslErrorSeverity enumeration has these members.

MemberValueDescription
None | none0

No error occurs on the SSL connection.

Ignorable | ignorable1

Ignorable errors indicate that the SSL server’s certificate cannot be properly validated.

Disregarding Ignorable errors may result in the loss of privacy or integrity of the content passed over the SSL session. Reasons for encountering this severity level include:

  • The certificate for the SSL server is expired.
  • The certificate for the SSL server does match the SSL server’s domain name.
  • The certificate for the SSL server was not issued by a trusted certification authority
Fatal | fatal2

Fatal errors indicate the SSL server’s certificate cannot be validated. Reasons for encountering this severity level include:

  • The certificate for the SSL server was revoked by the issuing certification authority.
  • The signature for the SSL server's certificate or the content in the certificate is invalid
• •

Remarks

The SocketSslErrorSeverity enumeration indicates the category of error that occurs when an SSL connection to a server is established.

SSL server errors should only be ignored in advanced scenarios. Disregarding server certificate errors classified as either Ignorable or Fatal may result in the loss of privacy or integrity of the content passed over the SSL session.

Some organizations may use self-signed certificates for private use rather than registered the certificates with a trusted certificate authority. An SSL connection to these sites might be a case where an Ignorable error might be tolerated if the server's SSL certificate can be verified by other means.

To validate self-signed certificates effectively, an app must validate the public key of the certificate (using a certificate thumbprint or hash of the public key, for example). See the Windows.Security.Cryptography.Certificates namespace for classes that support calculating certificate thumbprints and other validation operations.

If the public key cannot be validated, displaying other certificate details to users by default is not advisable. This may cause users to assume the information is valid when it may in fact be provided by an attacker.

Requirements

Minimum supported client

Windows 8.1

Minimum supported server

Windows Server 2012 R2

Minimum supported phone

Windows Phone 8.1 [Windows Phone Silverlight 8.1 and Windows Runtime apps]

Namespace

Windows.Networking.Sockets
Windows::Networking::Sockets [C++]

Metadata

Windows.winmd

See also

HttpBaseProtocolFilter.IgnorableServerCertificateErrors
HttpTransportInformation.ServerCertificate
HttpTransportInformation.ServerCertificateErrorSeverity
HttpTransportInformation.ServerCertificateErrors
HttpTransportInformation.ServerIntermediateCertificates
StreamSocketControl.IgnorableServerCertificateErrors
StreamSocketInformation.ServerCertificate
StreamSocketInformation.ServerCertificateErrorSeverity
StreamSocketInformation.ServerCertificateErrors
StreamSocketInformation.ServerIntermediateCertificates

 

 

Show:
© 2014 Microsoft