SslStream Constructor (Stream, Boolean, RemoteCertificateValidationCallback)


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Initializes a new instance of the SslStream class using the specified Stream, stream closure behavior and certificate validation delegate.

Namespace:   System.Net.Security
Assembly:  System (in System.dll)

Public Sub New (
	innerStream As Stream,
	leaveInnerStreamOpen As Boolean,
	userCertificateValidationCallback As RemoteCertificateValidationCallback


Type: System.IO.Stream

A Stream object used by the SslStream for sending and receiving data.

Type: System.Boolean

A Boolean value that indicates the closure behavior of the Stream object used by the SslStream for sending and receiving data. This parameter indicates if the inner stream is left open.

Type: System.Net.Security.RemoteCertificateValidationCallback

A RemoteCertificateValidationCallback delegate responsible for validating the certificate supplied by the remote party.

Exception Condition

innerStream is not readable.


innerStream is not writable.


innerStream is null.


innerStream is equal to Null.

When you specify true for the leaveStreamOpen parameter, closing the SslStream has no effect on the innerStream stream; you must explicitly close innerStream when you no longer need it.

The userCertificateValidationCallback delegate's certificateErrors argument contains any Windows error codes returned by the channel Security Support Provider Interface (SSPI). The return value of the method invoked by the userCertificateValidationCallback delegate determines whether authentication succeeds.

The security protocol and cryptographic algorithms are already selected when the userCertificateValidationCallback delegate's method is invoked. You can use the method to determine whether the selected cryptographic algorithms and strengths are sufficient for your application. If not, the method should return false to prevent the SslStream from being created.

If a value is not specified in the configuration file for encryptionpolicy, the EncryptionPolicy defaults to EncryptionPolicy.RequireEncryption for the SslStream instance that is constructed.

The use of the Null cipher is required when the encryption policy is set to EncryptionPolicy.NoEncryption.


The Framework caches SSL sessions as they are created and attempts to reuse a cached session for a new request, if possible. When attempting to reuse an SSL session, the Framework uses the first element of ClientCertificates (if there is one), or tries to reuse an anonymous sessions if ClientCertificates is empty.


Client certificates are not supported in the SSL version 2 protocol.


The Framework attempts to reuse an SSL session only if a client certificate is not required.

The following code example creates an SslStream and initiates the client portion of the authentication.

No code example is currently available or this language may not be supported.

.NET Framework
Available since 2.0
Return to top