SocketProtectionLevel Enum
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Specifies the level of encryption to use on a StreamSocket object.
public enum class SocketProtectionLevel
/// [Windows.Foundation.Metadata.ContractVersion(Windows.Foundation.UniversalApiContract, 65536)]
enum class SocketProtectionLevel
[Windows.Foundation.Metadata.ContractVersion(typeof(Windows.Foundation.UniversalApiContract), 65536)]
public enum SocketProtectionLevel
var value = Windows.Networking.Sockets.SocketProtectionLevel.plainSocket
Public Enum SocketProtectionLevel
- Inheritance
-
SocketProtectionLevel
- Attributes
Windows requirements
Device family |
Windows 10 (introduced in 10.0.10240.0)
|
API contract |
Windows.Foundation.UniversalApiContract (introduced in v1.0)
|
App capabilities |
bluetooth.rfcomm
ID_CAP_NETWORKING [Windows Phone]
|
Fields
Name | Value | Description |
---|---|---|
PlainSocket | 0 | A plain socket with no encryption. |
Ssl | 1 | Note This value is deprecated on Windows 8.1, Windows Server 2012 R2, and later. A TCP socket that must use the Secure Sockets Layer (SSL) for encryption. This value requires encryption and never allows a NULL cipher (no encryption). This value supports the SSL 3.0 and TLS 1.0 protocols and all encryption ciphers installed on the system except the NULL cipher. For domain-joined machines, an administrator can configure additional restrictions on which ciphers are allowed. This value is marked as deprecated because it is considered insecure since RC4 and other weak ciphers are allowed. Sockets should use Tls10, Tls11, or Tls12 instead unless the target server only supports RC4 or another weak cipher. |
SslAllowNullEncryption | 2 | A TCP socket that prefers to use SSL for encryption. This value prefers that full encryption be used, but allows a NULL cipher (no encryption) based on the server configuration. This value supports the SSL 3.0 and TLS 1.0 protocols and all encryption ciphers installed on the system including the NULL cipher. For domain-joined machines, an administrator can configure additional restrictions on which ciphers are allowed. The NULL cipher does no encryption, so this value does not provide confidentiality, but is integrity protected. |
BluetoothEncryptionAllowNullAuthentication | 3 | A Bluetooth socket that prefers that encryption be used, but allows a NULL cipher (no encryption) based on the configuration of the target server. This value is supported on Windows 8.1, Windows Server 2012 R2, and later. |
BluetoothEncryptionWithAuthentication | 4 | A Bluetooth socket that must use encryption. This value requires encryption and never allows a NULL cipher. This value is supported on Windows 8.1, Windows Server 2012 R2, and later. |
Ssl3AllowWeakEncryption | 5 | A TCP socket that must use SSL for encryption. This value supports the SSL 3.0 protocol and all encryption ciphers installed on the system except the NULL cipher. This value allows RC4 and other weak ciphers which are considered insecure. For domain-joined machines, an administrator can configure additional restrictions on which ciphers are allowed. This value is supported on Windows 8.1, Windows Server 2012 R2, and later. |
Tls10 | 6 | A TCP socket that must use SSL for encryption. This value supports the TLS 1.0 protocol and all encryption ciphers installed on the system except RC4, other weak ciphers, and the NULL cipher. For domain-joined machines, an administrator can configure additional restrictions on which ciphers are allowed. This value is supported on Windows 8.1, Windows Server 2012 R2, and later. |
Tls11 | 7 | A TCP socket that must use SSL for encryption. This value supports the TLS 1.1 and TLS 1.0 protocols and all encryption ciphers installed on the system except RC4, other weak ciphers, and the NULL cipher. For domain-joined machines, an administrator can configure additional restrictions on which ciphers are allowed. This value is supported on Windows 8.1, Windows Server 2012 R2, and later. |
Tls12 | 8 | A TCP socket that must use SSL for encryption. This value supports the TLS 1.2, TLS 1.1 and TLS 1.0 protocols and all encryption ciphers installed on the system except RC4, other weak ciphers, and the NULL cipher. For domain-joined machines, an administrator can configure additional restrictions on which ciphers are allowed. This value is supported on Windows 8.1, Windows Server 2012 R2, and later. |
Unspecified | 9 | The protection level is unspecified. |
Tls13 | 10 |
Remarks
The SocketProtectionLevel enumeration allow clients to control protocol negotiation for security options with servers when using the StreamSocket object.
For TCP sockets, the various enum values allow app developers to control the use of the TLS 1.2, TLS 1.1, TLS 1.0, and SSL 3.0 protocols and restrict the use of the RC4 and other weak ciphers which are considered insecure. This allows developers to configure apps that are compatible across a very wide set of servers.
For Bluetooth RFCOMM sockets, the various enum values allow app developers to control the use of Bluetooth encryption.
The users of non-domain joined machines can also disable ciphers and protocols by using registry settings. For more information, see How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll.
The SocketProtectionLevel enumeration also allow servers to control protocol negotiation for security with clients when using the StreamSocketListener object to listen and bind to sockets over Bluetooth. When the StreamSocketListener object is used over Bluetooth, the supported SocketProtectionLevel values are PlainSocket, BluetoothEncryptionAllowNullAuthentication, or BluetoothEncryptionWithAuthentication. When the StreamSocketListener object is used to listen and bind to TCP sockets, the only supported SocketProtectionLevel value is PlainSocket.
Version history
Windows version | SDK version | Value added |
---|---|---|
1709 | 16299 | Unspecified |