SslStream, disable session caching

Question

The MSDN documentation says

The Framework caches SSL sessions as they are created and attempts to reuse a cached session for a new request, if possibl

Answer 1

Caching is handled inside SecureChannel - internal class that wraps SSPI and used by SslStream. I don't see any points inside that you can use to disable session caching for client connections.

You can clear cache between connections using reflection:

var sslAssembly = Assembly.GetAssembly(typeof(SslStream));

var sslSessionCacheClass = sslAssembly.GetType("System.Net.Security.SslSessionsCache");

var cachedCredsInfo = sslSessionCacheClass.GetField("s_CachedCreds", BindingFlags.NonPublic | BindingFlags.Static);
var cachedCreds = (Hashtable)cachedCredsInfo.GetValue(null);

cachedCreds.Clear();

But it's very bad practice. Consider to fix server side.