SslProtocols Enumeration


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Defines the possible versions of SslProtocols.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

Namespace:   System.Security.Authentication
Assembly:  System (in System.dll)

public enum SslProtocols

Member nameDescription

Specifies that either Secure Sockets Layer (SSL) 3.0 or Transport Layer Security (TLS) 1.0 are acceptable for secure communications


No SSL protocol is specified.


Specifies the SSL 2.0 protocol. SSL 2.0 has been superseded by the TLS protocol and is provided for backward compatibility only.


Specifies the SSL 3.0 protocol. SSL 3.0 has been superseded by the TLS protocol and is provided for backward compatibility only.


Specifies the TLS 1.0 security protocol. The TLS protocol is defined in IETF RFC 2246.


Specifies the TLS 1.1 security protocol. The TLS protocol is defined in IETF RFC 4346.


Specifies the TLS 1.2 security protocol. The TLS protocol is defined in IETF RFC 5246.

The following code example demonstrates creating a TcpClient that uses the SslStream class to communicate with a server.

using System;
using System.Collections;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.IO;

namespace Examples.System.Net
    public class SslTcpClient 
        private static Hashtable certificateErrors = new Hashtable();

        // The following method is invoked by the RemoteCertificateValidationDelegate.
        public static bool ValidateServerCertificate(
              object sender,
              X509Certificate certificate,
              X509Chain chain,
              SslPolicyErrors sslPolicyErrors)
           if (sslPolicyErrors == SslPolicyErrors.None)
                return true;

            Console.WriteLine("Certificate error: {0}", sslPolicyErrors);

            // Do not allow this client to communicate with unauthenticated servers.
            return false;
        public static void RunClient(string machineName, string serverName)  
            // Create a TCP/IP client socket.
            // machineName is the host running the server application.
            TcpClient client = new TcpClient(machineName,443);
            Console.WriteLine("Client connected.");
            // Create an SSL stream that will close the client's stream.
            SslStream sslStream = new SslStream(
                new RemoteCertificateValidationCallback (ValidateServerCertificate), 
            // The server name must match the name on the server certificate.
            catch (AuthenticationException e)
                Console.WriteLine("Exception: {0}", e.Message);
                if (e.InnerException != null)
                    Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
                Console.WriteLine ("Authentication failed - closing the connection.");
            // Encode a test message into a byte array.
            // Signal the end of the message using the "<EOF>".
            byte[] messsage = Encoding.UTF8.GetBytes("Hello from the client.<EOF>");
            // Send hello message to the server. 
            // Read message from the server.
            string serverMessage = ReadMessage(sslStream);
            Console.WriteLine("Server says: {0}", serverMessage);
            // Close the client connection.
            Console.WriteLine("Client closed.");
        static string ReadMessage(SslStream sslStream)
            // Read the  message sent by the server.
            // The end of the message is signaled using the
            // "<EOF>" marker.
            byte [] buffer = new byte[2048];
            StringBuilder messageData = new StringBuilder();
            int bytes = -1;
                bytes = sslStream.Read(buffer, 0, buffer.Length);

                // Use Decoder class to convert from bytes to UTF8
                // in case a character spans two buffers.
                Decoder decoder = Encoding.UTF8.GetDecoder();
                char[] chars = new char[decoder.GetCharCount(buffer,0,bytes)];
                decoder.GetChars(buffer, 0, bytes, chars,0);
                messageData.Append (chars);
                // Check for EOF.
                if (messageData.ToString().IndexOf("<EOF>") != -1)
            } while (bytes != 0); 

            return messageData.ToString();
        private static void DisplayUsage()
            Console.WriteLine("To start the client specify:");
            Console.WriteLine("clientSync machineName [serverName]");
        public static int Main(string[] args)
            string serverCertificateName = null;
            string machineName = null;
            if (args == null ||args.Length <1 )
            // User can specify the machine name and server name.
            // Server name must match the name on the server's certificate. 
            machineName = args[0];
            if (args.Length <2 )
                serverCertificateName = machineName;
                serverCertificateName = args[1];
            SslTcpClient.RunClient (machineName, serverCertificateName);
            return 0;

Universal Windows Platform
Available since 10
.NET Framework
Available since 2.0
Return to top