问题
With the recent advent of BEAST (exploits a vulnerability in SSL/TLS1.0 where the initial bytes of the payload are always the same) I looked into the SslStream class to see if it supported TLS 1.1, TLS 1.2, etc. It only supports (SslProtocol) SSL 2 and 3 (which both predate TLS) and TLS 1.0.
Given that SslProtocol only advertises support for TLS 1.0 and below, is it at all possible to use SslStream for TLS 1.1 and beyond?
回答1:
Looks like an update is in order.
As of .NET 4.5, SslProtocol (and consequently SslStream) now supports TLS 1.1 and TLS 1.2.
These protocols are enabled by default in 4.6. For 4.5, you'll need to activate them in your SslStream object by using the overloaded AuthenticateAsClient call:
sslStream.AuthenticateAsClient(hostname, null, SslProtocols.Tls12 | SslProtocols.Tls11, true);
来源:https://stackoverflow.com/questions/7528887/sslstream-beast-and-tls-1-1