SslStream.SslStream(Stream, Boolean, RemoteCertificateValidationCallback) Constructor

Initializes a new instance of the SslStream class using the specified Stream, stream closure behavior and certificate validation delegate.

Namespace: System.Net.Security
Assembly: System (in system.dll)

C#
public SslStream (
	Stream innerStream,
	bool leaveInnerStreamOpen,
	RemoteCertificateValidationCallback userCertificateValidationCallback
)

J#
public SslStream (
	Stream innerStream,
	boolean leaveInnerStreamOpen,
	RemoteCertificateValidationCallback userCertificateValidationCallback
)

JScript
public function SslStream (
	innerStream : Stream,
	leaveInnerStreamOpen : boolean,
	userCertificateValidationCallback : RemoteCertificateValidationCallback
)

XAML
Not applicable.



Initializes a new instance of the SslStream class using the specified Stream and stream closure behavior.




userCertificateValidationCallback: A RemoteCertificateValidationCallback delegate responsible for validating the certificate supplied by the remote party.

Exception type | Condition


innerStream is not readable.


innerStream is not writable.


innerStream is a null reference (Nothing in Visual Basic).


innerStream is equal to Null.

When you specify true for the leaveInnerStreamOpen parameter, closing the SslStream has no effect on the innerStream stream; you must explicitly close innerStream when you no longer need it.

The userCertificateValidationCallback delegate's certificateErrors argument contains any Windows error codes returned by the channel Security Support Provider Interface (SSPI). The return value of the method invoked by the userCertificateValidationCallback delegate determines whether authentication succeeds.

The security protocol and cryptographic algorithms are already selected when the userCertificateValidationCallback delegate's method is invoked. You can use the method to determine whether the selected cryptographic algorithms and strengths are sufficient for your application. If not, the method should return false to prevent the SslStream from being created.


The Framework caches SSL sessions as they are created and attempts to reuse a cached session for a new request, if possible. When attempting to reuse an SSL session, the Framework uses the first element of ClientCertificates (if there is one), or tries to reuse an anonymous session if ClientCertificates is empty.


Client certificates are not supported in the SSL version 2 protocol.

Windows 95, Windows 98, Windows 98 Second Edition, Windows Millennium Edition Platform Note: The Framework attempts to reuse an SSL session only if a client certificate is not required.

The following code example creates an SslStream and initiates the client portion of the authentication.

// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient client = new TcpClient(machineName, 443);
Console.WriteLine("Client connected.");
// Create an SSL stream that will close the client's stream.
SslStream sslStream = new SslStream(
    client.GetStream(),
    false,
    new RemoteCertificateValidationCallback(ValidateServerCertificate));
// The server name must match the name on the server certificate.
// serverName is assumed to be supplied by the caller.
try
{
    sslStream.AuthenticateAsClient(serverName);
}
catch (AuthenticationException e)
{
    Console.WriteLine("Exception: {0}", e.Message);
    if (e.InnerException != null)
    {
        Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
    }
    Console.WriteLine("Authentication failed - closing the connection.");
    client.Close();
    return;
}
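
The example above passes ValidateServerCertificate to the constructor but does not show it. The following is an added example, not part of the original documentation, of a callback that fails closed on any certificate error and then applies the protocol and cipher strength check described in the remarks. The class name StrictTlsClient, the 128-bit minimum, and the cast of sender to SslStream are assumptions of this example.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

public static class StrictTlsClient   // hypothetical name
{
    // Assumed policy value for this example, not a framework default.
    const int MinCipherStrengthBits = 128;
    // Signature matches RemoteCertificateValidationCallback.
    public static bool ValidateServerCertificate(object sender,
        X509Certificate certificate, X509Chain chain, SslPolicyErrors certificateErrors)
    {
        // Fail closed on any chain, name-mismatch or missing-certificate error.
        if (certificateErrors != SslPolicyErrors.None)
        {
            Console.WriteLine("Certificate error: {0}", certificateErrors);
            return false;
        }
        // Assumption: sender is the SslStream being authenticated.
        SslStream stream = sender as SslStream;
        if (stream == null) return false;
        // Protocol and cipher are already negotiated; reject weak selections.
        if (stream.SslProtocol == SslProtocols.Ssl2 || stream.SslProtocol == SslProtocols.Ssl3)
            return false;
        return stream.CipherStrength >= MinCipherStrengthBits;
    }

    public static void Main(string[] args)
    {
        if (args.Length != 1) { Console.WriteLine("usage: StrictTlsClient <server-name>"); return; }
        string serverName = args[0]; // must match the name on the server certificate
        using (TcpClient client = new TcpClient(serverName, 443))
        using (SslStream sslStream = new SslStream(client.GetStream(), false,
            new RemoteCertificateValidationCallback(ValidateServerCertificate)))
        {
            try
            {
                sslStream.AuthenticateAsClient(serverName);
                Console.WriteLine("Negotiated {0} with a {1}-bit cipher.",
                    sslStream.SslProtocol, sslStream.CipherStrength);
            }
            catch (AuthenticationException e)
            {
                Console.WriteLine("Authentication failed: {0}", e.Message);
            }
        }
    }
}
```

Returning false from the callback causes AuthenticateAsClient to throw AuthenticationException, so no application data is sent over a connection that failed the policy.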

Windows 98, Windows Server 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0
