SecurityProtocolType Enumeration


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Specifies the security protocols that are supported by the Schannel security package.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

Namespace:   System.Net
Assembly:  System (in System.dll)

public enum SecurityProtocolType

Member nameDescription

Specifies the Secure Socket Layer (SSL) 3.0 security protocol.


Specifies the system default security protocol as defined by Schannel.


Specifies the Transport Layer Security (TLS) 1.0 security protocol.


Specifies the Transport Layer Security (TLS) 1.1 security protocol.


Specifies the Transport Layer Security (TLS) 1.2 security protocol.

This enumeration defines permissible values for the SecurityProtocol property and specifies the security protocols that are used by instances of the SslStream class.

The following code example demonstrates creating a TcpClient that uses the SslStream class to communicate with a server.

using System;
using System.Collections;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.IO;

namespace Examples.System.Net
    public class SslTcpClient 
        private static Hashtable certificateErrors = new Hashtable();

        // The following method is invoked by the RemoteCertificateValidationDelegate.
        public static bool ValidateServerCertificate(
              object sender,
              X509Certificate certificate,
              X509Chain chain,
              SslPolicyErrors sslPolicyErrors)
           if (sslPolicyErrors == SslPolicyErrors.None)
                return true;

            Console.WriteLine("Certificate error: {0}", sslPolicyErrors);

            // Do not allow this client to communicate with unauthenticated servers.
            return false;
        public static void RunClient(string machineName, string serverName)  
            // Create a TCP/IP client socket.
            // machineName is the host running the server application.
            TcpClient client = new TcpClient(machineName,443);
            Console.WriteLine("Client connected.");
            // Create an SSL stream that will close the client's stream.
            SslStream sslStream = new SslStream(
                new RemoteCertificateValidationCallback (ValidateServerCertificate), 
            // The server name must match the name on the server certificate.
            catch (AuthenticationException e)
                Console.WriteLine("Exception: {0}", e.Message);
                if (e.InnerException != null)
                    Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
                Console.WriteLine ("Authentication failed - closing the connection.");
            // Encode a test message into a byte array.
            // Signal the end of the message using the "<EOF>".
            byte[] messsage = Encoding.UTF8.GetBytes("Hello from the client.<EOF>");
            // Send hello message to the server. 
            // Read message from the server.
            string serverMessage = ReadMessage(sslStream);
            Console.WriteLine("Server says: {0}", serverMessage);
            // Close the client connection.
            Console.WriteLine("Client closed.");
        static string ReadMessage(SslStream sslStream)
            // Read the  message sent by the server.
            // The end of the message is signaled using the
            // "<EOF>" marker.
            byte [] buffer = new byte[2048];
            StringBuilder messageData = new StringBuilder();
            int bytes = -1;
                bytes = sslStream.Read(buffer, 0, buffer.Length);

                // Use Decoder class to convert from bytes to UTF8
                // in case a character spans two buffers.
                Decoder decoder = Encoding.UTF8.GetDecoder();
                char[] chars = new char[decoder.GetCharCount(buffer,0,bytes)];
                decoder.GetChars(buffer, 0, bytes, chars,0);
                messageData.Append (chars);
                // Check for EOF.
                if (messageData.ToString().IndexOf("<EOF>") != -1)
            } while (bytes != 0); 

            return messageData.ToString();
        private static void DisplayUsage()
            Console.WriteLine("To start the client specify:");
            Console.WriteLine("clientSync machineName [serverName]");
        public static int Main(string[] args)
            string serverCertificateName = null;
            string machineName = null;
            if (args == null ||args.Length <1 )
            // User can specify the machine name and server name.
            // Server name must match the name on the server's certificate. 
            machineName = args[0];
            if (args.Length <2 )
                serverCertificateName = machineName;
                serverCertificateName = args[1];
            SslTcpClient.RunClient (machineName, serverCertificateName);
            return 0;

.NET Framework
Available since 1.1
Return to top