SslStream Constructors
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Initializes a new instance of the SslStream class.
| SslStream(Stream) |
Initializes a new instance of the SslStream class using the specified Stream. |
| SslStream(Stream, Boolean) |
Initializes a new instance of the SslStream class using the specified Stream and stream closure behavior. |
| SslStream(Stream, Boolean, RemoteCertificateValidationCallback) |
Initializes a new instance of the SslStream class using the specified Stream, stream closure behavior and certificate validation delegate. |
| SslStream(Stream, Boolean, RemoteCertificateValidationCallback, LocalCertificateSelectionCallback) |
Initializes a new instance of the SslStream class using the specified Stream, stream closure behavior, certificate validation delegate and certificate selection delegate. |
| SslStream(Stream, Boolean, RemoteCertificateValidationCallback, LocalCertificateSelectionCallback, EncryptionPolicy) |
Initializes a new instance of the SslStream class using the specified Stream. |
To prevent the SslStream from closing the stream that you supply, use the SslStream constructor.
- Source:
- SslStream.cs
- Source:
- SslStream.cs
- Source:
- SslStream.cs
public:
SslStream(System::IO::Stream ^ innerStream);public SslStream(System.IO.Stream innerStream);new System.Net.Security.SslStream : System.IO.Stream -> System.Net.Security.SslStreamPublic Sub New (innerStream As Stream)Parameters
Exceptions
Remarks
If a value is not specified in the configuration file for encryptionpolicy, the EncryptionPolicy defaults to EncryptionPolicy.RequireEncryption for the SslStream instance that is constructed.
The use of the Null cipher is required when the encryption policy is set to EncryptionPolicy.NoEncryption.
Applies to
.NET 10 and other versions
| Product | Versions |
|---|---|
| .NET | Core 1.0, Core 1.1, Core 2.0, Core 2.1, Core 2.2, Core 3.0, Core 3.1, 5, 6, 7, 8, 9, 10 |
| .NET Framework | 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1 |
| .NET Standard | 2.0, 2.1 |
- Source:
- SslStream.cs
- Source:
- SslStream.cs
- Source:
- SslStream.cs
public:
SslStream(System::IO::Stream ^ innerStream, bool leaveInnerStreamOpen);public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen);new System.Net.Security.SslStream : System.IO.Stream * bool -> System.Net.Security.SslStreamPublic Sub New (innerStream As Stream, leaveInnerStreamOpen As Boolean)Parameters
- leaveInnerStreamOpen
- Boolean
A Boolean value that indicates the closure behavior of the Stream object used by the SslStream for sending and receiving data. This parameter indicates if the inner stream is left open.
Exceptions
Examples
The following code example demonstrates calling this constructor.
static void ProcessClient( TcpClient^ client )
{
// A client has connected. Create the
// SslStream using the client's network stream.
SslStream^ sslStream = gcnew SslStream( client->GetStream(),false );
// Authenticate the server but don't require the client to authenticate.
try
{
sslStream->AuthenticateAsServer( serverCertificate, false, true );
// false == no client cert required; true == check cert revocation.
// Display the properties and settings for the authenticated stream.
DisplaySecurityLevel( sslStream );
DisplaySecurityServices( sslStream );
DisplayCertificateInformation( sslStream );
DisplayStreamProperties( sslStream );
// Set timeouts for the read and write to 5 seconds.
sslStream->ReadTimeout = 5000;
sslStream->WriteTimeout = 5000;
// Read a message from the client.
Console::WriteLine( L"Waiting for client message..." );
String^ messageData = ReadMessage( sslStream );
Console::WriteLine( L"Received: {0}", messageData );
// Write a message to the client.
array<Byte>^message = Encoding::UTF8->GetBytes( L"Hello from the server.<EOF>" );
Console::WriteLine( L"Sending hello message." );
sslStream->Write( message );
}
catch ( AuthenticationException^ e )
{
Console::WriteLine( L"Exception: {0}", e->Message );
if ( e->InnerException != nullptr )
{
Console::WriteLine( L"Inner exception: {0}", e->InnerException->Message );
}
Console::WriteLine( L"Authentication failed - closing the connection." );
sslStream->Close();
client->Close();
return;
}
finally
{
// The client stream will be closed with the sslStream
// because we specified this behavior when creating
// the sslStream.
sslStream->Close();
client->Close();
}
}
static void ProcessClient (TcpClient client)
{
// A client has connected. Create the
// SslStream using the client's network stream.
SslStream sslStream = new SslStream(
client.GetStream(), false);
// Authenticate the server but don't require the client to authenticate.
try
{
sslStream.AuthenticateAsServer(serverCertificate, clientCertificateRequired: false, checkCertificateRevocation: true);
// Display the properties and settings for the authenticated stream.
DisplaySecurityLevel(sslStream);
DisplaySecurityServices(sslStream);
DisplayCertificateInformation(sslStream);
DisplayStreamProperties(sslStream);
// Set timeouts for the read and write to 5 seconds.
sslStream.ReadTimeout = 5000;
sslStream.WriteTimeout = 5000;
// Read a message from the client.
Console.WriteLine("Waiting for client message...");
string messageData = ReadMessage(sslStream);
Console.WriteLine("Received: {0}", messageData);
// Write a message to the client.
byte[] message = Encoding.UTF8.GetBytes("Hello from the server.<EOF>");
Console.WriteLine("Sending hello message.");
sslStream.Write(message);
}
catch (AuthenticationException e)
{
Console.WriteLine("Exception: {0}", e.Message);
if (e.InnerException != null)
{
Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
}
Console.WriteLine ("Authentication failed - closing the connection.");
sslStream.Close();
client.Close();
return;
}
finally
{
// The client stream will be closed with the sslStream
// because we specified this behavior when creating
// the sslStream.
sslStream.Close();
client.Close();
}
}
Private Shared Sub ProcessClient(client As TcpClient)
' A client has connected. Create the
' SslStream using the client's network stream.
Dim sslStream = New SslStream(client.GetStream(), False)
Try
sslStream.AuthenticateAsServer(serverCertificate, clientCertificateRequired:=False, checkCertificateRevocation:=True)
' Display the properties And settings for the authenticated stream.
DisplaySecurityLevel(sslStream)
DisplaySecurityServices(sslStream)
DisplayCertificateInformation(sslStream)
DisplayStreamProperties(sslStream)
' Set timeouts for the read and write to 5 seconds.
sslStream.ReadTimeout = 5000
sslStream.WriteTimeout = 5000
' Read a message from the client.
Console.WriteLine("Waiting for client message...")
Dim messageData As String = ReadMessage(sslStream)
Console.WriteLine("Received: {0}", messageData)
' Write a message to the client.
Dim message As Byte() = Encoding.UTF8.GetBytes("Hello from the server.<EOF>")
Console.WriteLine("Sending hello message.")
sslStream.Write(message)
Catch e As AuthenticationException
Console.WriteLine("Exception: {0}", e.Message)
If e.InnerException IsNot Nothing Then
Console.WriteLine("Inner exception: {0}", e.InnerException.Message)
End If
Console.WriteLine("Authentication failed - closing the connection.")
sslStream.Close()
client.Close()
Return
Finally
' The client stream will be closed with the sslStream
' because we specified this behavior when creating
' the sslStream.
sslStream.Close()
client.Close()
End Try
End Sub
Remarks
When you specify true for the leaveStreamOpen parameter, closing the SslStream has no effect on the innerStream stream; you must explicitly close innerStream when you no longer need it.
If a value is not specified in the configuration file for encryptionpolicy, the EncryptionPolicy defaults to EncryptionPolicy.RequireEncryption for the SslStream instance that is constructed.
The use of the Null cipher is required when the encryption policy is set to EncryptionPolicy.NoEncryption.
Applies to
.NET 10 and other versions
| Product | Versions |
|---|---|
| .NET | Core 1.0, Core 1.1, Core 2.0, Core 2.1, Core 2.2, Core 3.0, Core 3.1, 5, 6, 7, 8, 9, 10 |
| .NET Framework | 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1 |
| .NET Standard | 2.0, 2.1 |
- Source:
- SslStream.cs
- Source:
- SslStream.cs
- Source:
- SslStream.cs
public:
SslStream(System::IO::Stream ^ innerStream, bool leaveInnerStreamOpen, System::Net::Security::RemoteCertificateValidationCallback ^ userCertificateValidationCallback);public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback? userCertificateValidationCallback);public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback userCertificateValidationCallback);new System.Net.Security.SslStream : System.IO.Stream * bool * System.Net.Security.RemoteCertificateValidationCallback -> System.Net.Security.SslStreamPublic Sub New (innerStream As Stream, leaveInnerStreamOpen As Boolean, userCertificateValidationCallback As RemoteCertificateValidationCallback)Parameters
- leaveInnerStreamOpen
- Boolean
A Boolean value that indicates the closure behavior of the Stream object used by the SslStream for sending and receiving data. This parameter indicates if the inner stream is left open.
- userCertificateValidationCallback
- RemoteCertificateValidationCallback
A RemoteCertificateValidationCallback delegate responsible for validating the certificate supplied by the remote party.
Exceptions
Examples
The following code example creates an SslStream and initiates the client portion of the authentication.
// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient^ client = gcnew TcpClient(machineName, 5000);
Console::WriteLine("Client connected.");
// Create an SSL stream that will close
// the client's stream.
SslStream^ sslStream = gcnew SslStream(
client->GetStream(), false,
gcnew RemoteCertificateValidationCallback(ValidateServerCertificate),
nullptr);
// The server name must match the name
// on the server certificate.
try
{
sslStream->AuthenticateAsClient(serverName);
}
catch (AuthenticationException^ ex)
{
Console::WriteLine("Exception: {0}", ex->Message);
if (ex->InnerException != nullptr)
{
Console::WriteLine("Inner exception: {0}",
ex->InnerException->Message);
}
Console::WriteLine("Authentication failed - "
"closing the connection.");
sslStream->Close();
client->Close();
return;
}
// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient client = new TcpClient(machineName,5000);
Console.WriteLine("Client connected.");
// Create an SSL stream that will close the client's stream.
SslStream sslStream = new SslStream(
client.GetStream(),
false,
new RemoteCertificateValidationCallback (ValidateServerCertificate),
null
);
// The server name must match the name on the server certificate.
try
{
sslStream.AuthenticateAsClient(serverName);
}
catch (AuthenticationException e)
{
Console.WriteLine("Exception: {0}", e.Message);
if (e.InnerException != null)
{
Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
}
Console.WriteLine ("Authentication failed - closing the connection.");
client.Close();
return;
}
' Create a TCP/IP client socket.
' machineName is the host running the server application.
Dim client = New TcpClient(machineName, 5000)
Console.WriteLine("Client connected.")
' Create an SSL stream that will close the client's stream.
Dim sslStream = New SslStream(
client.GetStream(), False,
New RemoteCertificateValidationCallback(AddressOf ValidateServerCertificate), Nothing)
' The server name must match the name on the server certificate.
Try
sslStream.AuthenticateAsClient(serverName)
Catch e As AuthenticationException
Console.WriteLine("Exception: {0}", e.Message)
If e.InnerException IsNot Nothing Then
Console.WriteLine("Inner exception: {0}", e.InnerException.Message)
End If
Console.WriteLine("Authentication failed - closing the connection.")
client.Close()
Return
End Try
Remarks
When you specify true for the leaveStreamOpen parameter, closing the SslStream has no effect on the innerStream stream; you must explicitly close innerStream when you no longer need it.
The userCertificateValidationCallback delegate's certificateErrors argument contains any Windows error codes returned by the channel Security Support Provider Interface (SSPI). The return value of the method invoked by the userCertificateValidationCallback delegate determines whether authentication succeeds.
The security protocol and cryptographic algorithms are already selected when the userCertificateValidationCallback delegate's method is invoked. You can use the method to determine whether the selected cryptographic algorithms and strengths are sufficient for your application. If not, the method should return false to prevent the SslStream from being created.
If a value is not specified in the configuration file for encryptionpolicy, the EncryptionPolicy defaults to EncryptionPolicy.RequireEncryption for the SslStream instance that is constructed.
The use of the Null cipher is required when the encryption policy is set to EncryptionPolicy.NoEncryption.
Note
.NET caches SSL sessions as they are created and attempts to reuse a cached session for subsequent requests, if possible. When attempting to reuse an SSL session, the Framework uses the first element of the X509Certificate2Collection provided during authentication (if there is one), or tries to reuse an anonymous sessions if the certificate collection is empty.
Note
Client certificates are not supported in the SSL version 2 protocol.
Applies to
.NET 10 and other versions
| Product | Versions |
|---|---|
| .NET | Core 1.0, Core 1.1, Core 2.0, Core 2.1, Core 2.2, Core 3.0, Core 3.1, 5, 6, 7, 8, 9, 10 |
| .NET Framework | 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1 |
| .NET Standard | 2.0, 2.1 |
- Source:
- SslStream.cs
- Source:
- SslStream.cs
- Source:
- SslStream.cs
public:
SslStream(System::IO::Stream ^ innerStream, bool leaveInnerStreamOpen, System::Net::Security::RemoteCertificateValidationCallback ^ userCertificateValidationCallback, System::Net::Security::LocalCertificateSelectionCallback ^ userCertificateSelectionCallback);public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback? userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback? userCertificateSelectionCallback);public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback userCertificateSelectionCallback);new System.Net.Security.SslStream : System.IO.Stream * bool * System.Net.Security.RemoteCertificateValidationCallback * System.Net.Security.LocalCertificateSelectionCallback -> System.Net.Security.SslStreamPublic Sub New (innerStream As Stream, leaveInnerStreamOpen As Boolean, userCertificateValidationCallback As RemoteCertificateValidationCallback, userCertificateSelectionCallback As LocalCertificateSelectionCallback)Parameters
- leaveInnerStreamOpen
- Boolean
A Boolean value that indicates the closure behavior of the Stream object used by the SslStream for sending and receiving data. This parameter indicates if the inner stream is left open.
- userCertificateValidationCallback
- RemoteCertificateValidationCallback
A RemoteCertificateValidationCallback delegate responsible for validating the certificate supplied by the remote party.
- userCertificateSelectionCallback
- LocalCertificateSelectionCallback
A LocalCertificateSelectionCallback delegate responsible for selecting the certificate used for authentication.
Exceptions
Examples
The following code example demonstrates calling this constructor. This example is part of a larger example provided for the SslStream class.
// Server name must match the host name and the name on the host's certificate.
serverName = args[ 1 ];
// Create a TCP/IP client socket.
TcpClient^ client = gcnew TcpClient( serverName,5000 );
Console::WriteLine( L"Client connected." );
// Create an SSL stream that will close the client's stream.
SslStream^ sslStream = gcnew SslStream(
client->GetStream(),
false,
gcnew RemoteCertificateValidationCallback( ValidateServerCertificate ),
gcnew LocalCertificateSelectionCallback( SelectLocalCertificate ) );
// Server name must match the host name and the name on the host's certificate.
serverName = args[0];
// Create a TCP/IP client socket.
TcpClient client = new TcpClient(serverName,5000);
Console.WriteLine("Client connected.");
// Create an SSL stream that will close the client's stream.
SslStream sslStream = new SslStream(
client.GetStream(),
false,
new RemoteCertificateValidationCallback (ValidateServerCertificate),
new LocalCertificateSelectionCallback(SelectLocalCertificate)
);
' Server name must match the host name and the name on the host's certificate.
serverName = args(0)
' Create a TCP/IP client socket.
Dim client As New TcpClient(serverName, 5000)
Console.WriteLine("Client connected.")
' Create an SSL stream that will close the client's stream.
Dim sslStream As New SslStream(
client.GetStream(), False,
New RemoteCertificateValidationCallback(AddressOf ValidateServerCertificate),
New LocalCertificateSelectionCallback(AddressOf SelectLocalCertificate))
Remarks
When you specify true for the leaveStreamOpen parameter, closing the SslStream has no effect on the innerStream stream; you must explicitly close innerStream when you no longer need it.
The userCertificateValidationCallback delegate's certificateErrors argument contains any Windows error codes returned by the channel Security Support Provider Interface (SSPI). The return value of the method invoked by the userCertificateValidationCallback delegate determines whether authentication succeeds.
The security protocol and cryptographic algorithms are already selected when the userCertificateValidationCallback delegate's method is invoked. You can use the method to determine whether the selected cryptographic algorithms and strengths are sufficient for your application. If not, the method should return false to prevent the SslStream from being created.
The userCertificateSelectionCallback delegate is useful when your application has multiple certificates and must dynamically choose a certificate. Certificates in the "MY" store are passed to the method invoked by the delegate.
If a value is not specified in the configuration file for encryptionpolicy, the EncryptionPolicy defaults to EncryptionPolicy.RequireEncryption for the SslStream instance that is constructed.
The use of the Null cipher is required when the encryption policy is set to EncryptionPolicy.NoEncryption.
Note
.NET caches SSL sessions as they are created and attempts to reuse a cached session for subsequent requests, if possible. When attempting to reuse an SSL session, the Framework uses the first element of the X509Certificate2Collection provided during authentication (if there is one), or tries to reuse an anonymous sessions if the certificate collection is empty.
Applies to
.NET 10 and other versions
| Product | Versions |
|---|---|
| .NET | Core 1.0, Core 1.1, Core 2.0, Core 2.1, Core 2.2, Core 3.0, Core 3.1, 5, 6, 7, 8, 9, 10 |
| .NET Framework | 2.0, 3.0, 3.5, 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1 |
| .NET Standard | 2.0, 2.1 |
SslStream(Stream, Boolean, RemoteCertificateValidationCallback, LocalCertificateSelectionCallback, EncryptionPolicy)
- Source:
- SslStream.IO.cs
- Source:
- SslStream.cs
- Source:
- SslStream.cs
public:
SslStream(System::IO::Stream ^ innerStream, bool leaveInnerStreamOpen, System::Net::Security::RemoteCertificateValidationCallback ^ userCertificateValidationCallback, System::Net::Security::LocalCertificateSelectionCallback ^ userCertificateSelectionCallback, System::Net::Security::EncryptionPolicy encryptionPolicy);public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback? userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback? userCertificateSelectionCallback, System.Net.Security.EncryptionPolicy encryptionPolicy);public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback userCertificateSelectionCallback, System.Net.Security.EncryptionPolicy encryptionPolicy);new System.Net.Security.SslStream : System.IO.Stream * bool * System.Net.Security.RemoteCertificateValidationCallback * System.Net.Security.LocalCertificateSelectionCallback * System.Net.Security.EncryptionPolicy -> System.Net.Security.SslStreamPublic Sub New (innerStream As Stream, leaveInnerStreamOpen As Boolean, userCertificateValidationCallback As RemoteCertificateValidationCallback, userCertificateSelectionCallback As LocalCertificateSelectionCallback, encryptionPolicy As EncryptionPolicy)Parameters
- leaveInnerStreamOpen
- Boolean
A Boolean value that indicates the closure behavior of the Stream object used by the SslStream for sending and receiving data. This parameter indicates if the inner stream is left open.
- userCertificateValidationCallback
- RemoteCertificateValidationCallback
A RemoteCertificateValidationCallback delegate responsible for validating the certificate supplied by the remote party.
- userCertificateSelectionCallback
- LocalCertificateSelectionCallback
A LocalCertificateSelectionCallback delegate responsible for selecting the certificate used for authentication.
- encryptionPolicy
- EncryptionPolicy
The EncryptionPolicy to use.
Exceptions
innerStream is not readable.
-or-
innerStream is not writable.
-or-
encryptionPolicy is not valid.
Remarks
The use of the Null cipher is required when the encryptionPolicy parameter is set to EncryptionPolicy.NoEncryption.
Applies to
.NET 10 and other versions
| Product | Versions |
|---|---|
| .NET | Core 1.0, Core 1.1, Core 2.0, Core 2.1, Core 2.2, Core 3.0, Core 3.1, 5, 6, 7, 8, 9, 10 |
| .NET Framework | 4.0, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1 |
| .NET Standard | 2.0, 2.1 |
.NET feedback
.NET is an open source project. Select a link to provide feedback: