Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
SslStream Constructor (Stream, Boolean, RemoteCertificateValidationCallback, LocalCertificateSelectionCallback)

SslStream Constructor (Stream, Boolean, RemoteCertificateValidationCallback, LocalCertificateSelectionCallback)

Initializes a new instance of the SslStream class using the specified Stream, stream closure behavior, certificate validation delegate and certificate selection delegate.

Namespace:  System.Net.Security
Assembly:  System (in System.dll)

new : 
        innerStream:Stream * 
        leaveInnerStreamOpen:bool * 
        userCertificateValidationCallback:RemoteCertificateValidationCallback * 
        userCertificateSelectionCallback:LocalCertificateSelectionCallback -> SslStream


Type: System.IO.Stream

A Stream object used by the SslStream for sending and receiving data.

Type: System.Boolean

A Boolean value that indicates the closure behavior of the Stream object used by the SslStream for sending and receiving data. This parameter indicates if the inner stream is left open.

Type: System.Net.Security.RemoteCertificateValidationCallback

A RemoteCertificateValidationCallback delegate responsible for validating the certificate supplied by the remote party.

Type: System.Net.Security.LocalCertificateSelectionCallback

A LocalCertificateSelectionCallback delegate responsible for selecting the certificate used for authentication.


innerStream is not readable.


innerStream is not writable.


innerStream is a null reference (Nothing in Visual Basic).


innerStream is equal to Null.

When you specify true for the leaveStreamOpen parameter, closing the SslStream has no effect on the innerStream stream; you must explicitly close innerStream when you no longer need it.

The userCertificateValidationCallback delegate's certificateErrors argument contains any Windows error codes returned by the channel Security Support Provider Interface (SSPI). The return value of the method invoked by the userCertificateValidationCallback delegate determines whether authentication succeeds.

The security protocol and cryptographic algorithms are already selected when the userCertificateValidationCallback delegate's method is invoked. You can use the method to determine whether the selected cryptographic algorithms and strengths are sufficient for your application. If not, the method should return false to prevent the SslStream from being created.

The userCertificateSelectionCallback delegate is useful when your application has multiple certificates and must dynamically choose a certificate. Certificates in the "MY" store are passed to the method invoked by the delegate.

If a value is not specified in the configuration file for encryptionpolicy, the EncryptionPolicy defaults to EncryptionPolicy.RequireEncryption for the SslStream instance that is constructed.

The use of the Null cipher is required when the encryption policy is set to EncryptionPolicy.NoEncryption.


The Framework caches SSL sessions as they are created and attempts to reuse a cached session for a new request, if possible. When attempting to reuse an SSL session, the Framework uses the first element of P:System.Net.HttpWebRequest.ClientCertificates (if there is one), or tries to reuse an anonymous sessions if P:System.Net.HttpWebRequest.ClientCertificates is empty.

Windows 95, Windows 98, Windows 98 Second Edition, Windows Millennium Edition Platform Note: The Framework attempts to reuse an SSL session only if a client certificate is not required.

The following code example demonstrates calling this constructor. This example is part of a larger example provided for the SslStream class.

No code example is currently available or this language may not be supported.

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1
© 2015 Microsoft