Edit

Share via


ServicePointManager.SecurityProtocol Property

Definition

Gets or sets the security protocol used by the ServicePoint objects managed by the ServicePointManager object.

public:
 static property System::Net::SecurityProtocolType SecurityProtocol { System::Net::SecurityProtocolType get(); void set(System::Net::SecurityProtocolType value); };
public static System.Net.SecurityProtocolType SecurityProtocol { get; set; }
static member SecurityProtocol : System.Net.SecurityProtocolType with get, set
Public Shared Property SecurityProtocol As SecurityProtocolType

Property Value

One of the values defined in the SecurityProtocolType enumeration.

Exceptions

The value specified to set the property is not a valid SecurityProtocolType enumeration value.

Remarks

This property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing connections aren't changed.

Starting with the .NET Framework 4.7, the default value of this property is SecurityProtocolType.SystemDefault. This allows .NET Framework networking APIs based on SslStream (such as FTP, HTTP, and SMTP) to inherit the default security protocols from the operating system or from any custom configurations performed by a system administrator. For information about which SSL/TLS protocols are enabled by default on each version of the Windows operating system, see Protocols in TLS/SSL (Schannel SSP).

For versions of the .NET Framework through the .NET Framework 4.6.2, no default value is listed for this property. The security landscape changes constantly, and default protocols and protection levels are changed over time in order to avoid known weaknesses. Defaults vary depending on individual machine configuration, installed software, and applied patches.

Your code should never implicitly depend on using a particular protection level, or on the assumption that a given security level is used by default. If your app depends on the use of a particular security level, you must explicitly specify that level and then check to be sure that it is actually in use on the established connection. Further, your code should be designed to be robust in the face of changes to which protocols are supported, as such changes are often made with little advance notice in order to mitigate emerging threats.

The .NET Framework 4.6 includes a new security feature that blocks insecure cipher and hashing algorithms for connections. Applications using TLS/SSL through APIs such as HttpClient, HttpWebRequest, FTPClient, SmtpClient, SslStream, etc. and targeting .NET Framework 4.6 get the more-secure behavior by default.

Developers may want to opt out of this behavior in order to maintain interoperability with their existing SSL3 services OR TLS w/ RC4 services. This article explains how to modify your code so that the new behavior is disabled.

Applies to

See also