System.Net.ServicePointManager.ClientCipherSuitesCallback Property

You can filter and/or re-order the ciphers suites that will be sent to the SSL/TLS server by providing your own callback.

Syntax

public static CipherSuitesCallback ClientCipherSuitesCallback { get; set; }

Value

Your custom delegate or null for the default behaviour.

Remarks

This mechanism cannot be used to add new ciphers. Undefined ciphers will be ignored.

This API is only available in Mono and Xamarin products.

You can filter and/or re-order the ciphers suites that the SSL/TLS server will accept from a client. The first match for a supported client cipher suite will be used (so the order is important).

The following example removes weak (export) ciphers from the list that will be offered to the server.

C# Example

ServicePointManager.ClientCipherSuitesCallback += (SecurityProtocolType p, IEnumerable<string> allCiphers) => {
    return from cipher in allCiphers where !cipher.Contains ("EXPORT")
    select cipher;
};

Example: Use AES128 (preference) or AES256 (allowed) but no other ciphers.

C# Example

ServicePointManager.ClientCipherSuitesCallback += (SecurityProtocolType p, IEnumerable<string> allCiphers) => {
    string prefix = p == SecurityProtocolType.Tls ? "TLS_" : "SSL_";
    return new List<string> { prefix + "RSA_WITH_AES_128_CBC_SHA", prefix + "RSA_WITH_AES_256_CBC_SHA" };
};

Requirements

Namespace: System.Net
Assembly: System (in System.dll)
Assembly Versions: 4.0.0.0