-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Expand file tree
/
Copy pathSslStream.xml
More file actions
5535 lines (4965 loc) · 405 KB
/
SslStream.xml
File metadata and controls
5535 lines (4965 loc) · 405 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<Type Name="SslStream" FullName="System.Net.Security.SslStream">
<TypeSignature Language="C#" Value="public class SslStream : System.Net.Security.AuthenticatedStream" />
<TypeSignature Language="ILAsm" Value=".class public auto ansi beforefieldinit SslStream extends System.Net.Security.AuthenticatedStream" />
<TypeSignature Language="DocId" Value="T:System.Net.Security.SslStream" />
<TypeSignature Language="VB.NET" Value="Public Class SslStream
Inherits AuthenticatedStream" />
<TypeSignature Language="F#" Value="type SslStream = class
 inherit AuthenticatedStream" />
<TypeSignature Language="C++ CLI" Value="public ref class SslStream : System::Net::Security::AuthenticatedStream" />
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
<AssemblyVersion>4.1.0.0</AssemblyVersion>
<AssemblyVersion>4.1.1.0</AssemblyVersion>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
<AssemblyVersion>10.0.0.0</AssemblyVersion>
<AssemblyVersion>11.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>System</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>netstandard</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.1.0.0</AssemblyVersion>
</AssemblyInfo>
<TypeForwardingChain>
<TypeForwarding From="netstandard" FromVersion="2.1.0.0" To="System.Net.Security" ToVersion="10.0.0.0" FrameworkAlternate="net-10.0" />
<TypeForwarding From="netstandard" FromVersion="2.1.0.0" To="System.Net.Security" ToVersion="11.0.0.0" FrameworkAlternate="net-11.0" />
<TypeForwarding From="netstandard" FromVersion="2.1.0.0" To="System.Net.Security" ToVersion="5.0.0.0" FrameworkAlternate="net-5.0" />
<TypeForwarding From="netstandard" FromVersion="2.1.0.0" To="System.Net.Security" ToVersion="6.0.0.0" FrameworkAlternate="net-6.0" />
<TypeForwarding From="netstandard" FromVersion="2.1.0.0" To="System.Net.Security" ToVersion="7.0.0.0" FrameworkAlternate="net-7.0" />
<TypeForwarding From="netstandard" FromVersion="2.1.0.0" To="System.Net.Security" ToVersion="8.0.0.0" FrameworkAlternate="net-8.0" />
<TypeForwarding From="netstandard" FromVersion="2.1.0.0" To="System.Net.Security" ToVersion="9.0.0.0" FrameworkAlternate="net-9.0" />
</TypeForwardingChain>
<Base>
<BaseTypeName>System.Net.Security.AuthenticatedStream</BaseTypeName>
</Base>
<Interfaces>
</Interfaces>
<Attributes>
<Attribute FrameworkAlternate="net-10.0;net-11.0;net-8.0;net-9.0">
<AttributeName Language="C#">[System.Runtime.CompilerServices.Nullable(0)]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.CompilerServices.Nullable(0)>]</AttributeName>
</Attribute>
</Attributes>
<Docs>
<summary>Provides a stream used for client-server communication that uses the Secure Socket Layer (SSL) security protocol to authenticate the server and optionally the client.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
SSL protocols help to provide confidentiality and integrity checking for messages transmitted using an <xref:System.Net.Security.SslStream>. An SSL connection, such as that provided by <xref:System.Net.Security.SslStream>, should be used when communicating sensitive information between a client and a server. Using an <xref:System.Net.Security.SslStream> helps to prevent anyone from reading and tampering with information while it is in transit on the network.
An <xref:System.Net.Security.SslStream> instance transmits data using a stream that you supply when creating the <xref:System.Net.Security.SslStream>. When you supply this underlying stream, you have the option to specify whether closing the <xref:System.Net.Security.SslStream> also closes the underlying stream. Typically, the <xref:System.Net.Security.SslStream> class is used with the <xref:System.Net.Sockets.TcpClient> and <xref:System.Net.Sockets.TcpListener> classes. The <xref:System.Net.Sockets.TcpClient.GetStream%2A> method provides a <xref:System.Net.Sockets.NetworkStream> suitable for use with the <xref:System.Net.Security.SslStream> class.
After creating an <xref:System.Net.Security.SslStream>, the server and optionally, the client must be authenticated. The server must provide an X509 certificate that establishes proof of its identity and can request that the client also do so. Authentication must be performed before transmitting information using an <xref:System.Net.Security.SslStream>. Clients initiate authentication using the synchronous <xref:System.Net.Security.SslStream.AuthenticateAsClient%2A> methods, which block until the authentication completes, or the asynchronous <xref:System.Net.Security.SslStream.BeginAuthenticateAsClient%2A> methods, which do not block waiting for the authentication to complete. Servers initiate authentication using the synchronous <xref:System.Net.Security.SslStream.AuthenticateAsServer%2A> or asynchronous <xref:System.Net.Security.SslStream.BeginAuthenticateAsServer%2A> methods. Both client and server must initiate the authentication.
The authentication is handled by the Security Support Provider (SSPI) channel provider. The client is given an opportunity to control validation of the server's certificate by specifying a <xref:System.Net.Security.RemoteCertificateValidationCallback> delegate when creating an <xref:System.Net.Security.SslStream>. The server can also control validation by supplying a <xref:System.Net.Security.RemoteCertificateValidationCallback> delegate. The method referenced by the delegate includes the remote party's certificate and any errors SSPI encountered while validating the certificate. Note that if the server specifies a delegate, the delegate's method is invoked regardless of whether the server requested client authentication. If the server did not request client authentication, the server's delegate method receives a null certificate and an empty array of certificate errors.
If the server requires client authentication, the client must specify one or more certificates for authentication. If the client has more than one certificate, the client can provide a <xref:System.Net.Security.LocalCertificateSelectionCallback> delegate to select the correct certificate for the server. The client's certificates must be located in the current user's "My" certificate store. Client authentication via certificates is not supported for the <xref:System.Security.Authentication.SslProtocols.Ssl2> (SSL version 2) protocol.
If the authentication fails, you receive a <xref:System.Security.Authentication.AuthenticationException>, and the <xref:System.Net.Security.SslStream> is no longer useable. You should close this object and remove all references to it so that it can be collected by the garbage collector.
When the authentication process, also known as the SSL handshake, succeeds, the identity of the server (and optionally, the client) is established and the <xref:System.Net.Security.SslStream> can be used by the client and server to exchange messages. Before sending or receiving information, the client and server should check the security services and levels provided by the <xref:System.Net.Security.SslStream> to determine whether the protocol, algorithms, and strengths selected meet their requirements for integrity and confidentiality. If the current settings are not sufficient, the stream should be closed. You can check the security services provided by the <xref:System.Net.Security.SslStream> using the <xref:System.Net.Security.SslStream.IsEncrypted%2A> and <xref:System.Net.Security.SslStream.IsSigned%2A> properties. The following table shows the elements that report the cryptographic settings used for authentication, encryption and data signing.
|Element|Members|
|-------------|-------------|
|The security protocol used to authenticate the server and, optionally, the client.|The <xref:System.Net.Security.SslStream.SslProtocol> property and the associated <xref:System.Security.Authentication.SslProtocols> enumeration.|
|The key exchange algorithm.|The <xref:System.Net.Security.SslStream.KeyExchangeAlgorithm> property and the associated <xref:System.Security.Authentication.ExchangeAlgorithmType> enumeration.|
|The message integrity algorithm.|The <xref:System.Net.Security.SslStream.HashAlgorithm> property and the associated <xref:System.Security.Authentication.HashAlgorithmType> enumeration.|
|The message confidentiality algorithm.|The <xref:System.Net.Security.SslStream.CipherAlgorithm> property and the associated <xref:System.Security.Authentication.CipherAlgorithmType> enumeration.|
|The strengths of the selected algorithms.|The <xref:System.Net.Security.SslStream.KeyExchangeStrength%2A>, <xref:System.Net.Security.SslStream.HashStrength%2A>, and <xref:System.Net.Security.SslStream.CipherStrength%2A> properties.|
After a successful authentication, you can send data using the synchronous <xref:System.Net.Security.SslStream.Write%2A> or asynchronous <xref:System.Net.Security.SslStream.BeginWrite%2A> methods. You can receive data using the synchronous <xref:System.Net.Security.SslStream.Read%2A> or asynchronous <xref:System.Net.Security.SslStream.BeginRead%2A> methods.
If you specified to the <xref:System.Net.Security.SslStream.%23ctor%2A> that the underlying stream should be left open, you are responsible for closing that stream when you are done using it.
> [!NOTE]
> If the application that creates the <xref:System.Net.Security.SslStream> object runs with the credentials of a Normal user, the application will not be able to access certificates installed in the local machine store unless permission has been explicitly given to the user to do so.
<xref:System.Net.Security.SslStream> assumes that a timeout along with any other <xref:System.IO.IOException> when one is thrown from the inner stream will be treated as fatal by its caller. Reusing a <xref:System.Net.Security.SslStream> instance after a timeout will return garbage. An application should <xref:System.IO.Stream.Close%2A> the <xref:System.Net.Security.SslStream> and throw an exception in these cases.
The .NET Framework 4.6 includes a security feature that blocks insecure cipher and hashing algorithms for connections. Applications using TLS/SSL through APIs such as HttpClient, HttpWebRequest, FTPClient, SmtpClient, and SslStream and targeting .NET Framework 4.6 get the more-secure behavior by default.
Developers may want to opt out of this behavior in order to maintain interoperability with their existing SSL3 services OR TLS w/ RC4 services. [This article](https://support.microsoft.com/kb/3069494) explains how to modify your code so that the new behavior is disabled.
The .NET Framework 4.7 adds new overloads for the methods that authenticate SslStreams that do not specify a TLS version, but instead use the TLS version defined as the system default in [SCHANNEL](/windows/win32/secauthn/secure-channel). Use these methods in your app as a way to be able to later modify the defaults as TLS version best practice changes over time, without the need to rebuild and redeploy your app.
Also see [Transport Layer Security (TLS) best practices with the .NET Framework](/dotnet/framework/network-programming/tls).
## Examples
The following code example demonstrates creating an <xref:System.Net.Sockets.TcpListener> that uses the <xref:System.Net.Security.SslStream> class to communicate with clients.
:::code language="csharp" source="~/snippets/csharp/System.Net.Security/SslStream/Overview/serversync.cs" id="Snippet0":::
:::code language="vb" source="~/snippets/visualbasic/System.Net.Security/SslStream/Overview/serversync.vb" id="Snippet0":::
The following code example demonstrates creating a <xref:System.Net.Sockets.TcpClient> that uses the <xref:System.Net.Security.SslStream> class to communicate with a server.
:::code language="csharp" source="~/snippets/csharp/System.Net.Security/RemoteCertificateValidationCallback/Overview/clientsync.cs" id="Snippet0":::
:::code language="vb" source="~/snippets/visualbasic/System.Net.Security/SslStream/Overview/clientsync.vb" id="Snippet0":::
]]></format>
</remarks>
<altmember cref="T:System.Net.Security.NegotiateStream" />
<altmember cref="T:System.Net.Security.AuthenticatedStream" />
<altmember cref="T:System.IO.IOException" />
<altmember cref="T:System.IO.Stream" />
</Docs>
<Members>
<MemberGroup MemberName=".ctor">
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Docs>
<summary>Initializes a new instance of the <see cref="T:System.Net.Security.SslStream" /> class.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
To prevent the <xref:System.Net.Security.SslStream> from closing the stream that you supply, use the <xref:System.Net.Security.SslStream.%23ctor%2A> constructor.
]]></format>
</remarks>
</Docs>
</MemberGroup>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public SslStream (System.IO.Stream innerStream);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(class System.IO.Stream innerStream) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslStream.#ctor(System.IO.Stream)" />
<MemberSignature Language="VB.NET" Value="Public Sub New (innerStream As Stream)" />
<MemberSignature Language="F#" Value="new System.Net.Security.SslStream : System.IO.Stream -> System.Net.Security.SslStream" Usage="new System.Net.Security.SslStream innerStream" />
<MemberSignature Language="C++ CLI" Value="public:
 SslStream(System::IO::Stream ^ innerStream);" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
<AssemblyVersion>4.1.0.0</AssemblyVersion>
<AssemblyVersion>4.1.1.0</AssemblyVersion>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
<AssemblyVersion>10.0.0.0</AssemblyVersion>
<AssemblyVersion>11.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>System</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>netstandard</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.1.0.0</AssemblyVersion>
</AssemblyInfo>
<Attributes>
<Attribute FrameworkAlternate="netframework-4.0">
<AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")>]</AttributeName>
</Attribute>
</Attributes>
<Parameters>
<Parameter Name="innerStream" Type="System.IO.Stream" />
</Parameters>
<Docs>
<param name="innerStream">A <see cref="T:System.IO.Stream" /> object used by the <see cref="T:System.Net.Security.SslStream" /> for sending and receiving data.</param>
<summary>Initializes a new instance of the <see cref="T:System.Net.Security.SslStream" /> class using the specified <see cref="T:System.IO.Stream" />.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
If a value is not specified in the configuration file for encryptionpolicy, the <xref:System.Net.Security.EncryptionPolicy> defaults to <xref:System.Net.Security.EncryptionPolicy.RequireEncryption?displayProperty=nameWithType> for the <xref:System.Net.Security.SslStream> instance that is constructed.
The use of the Null cipher is required when the encryption policy is set to <xref:System.Net.Security.EncryptionPolicy.NoEncryption?displayProperty=nameWithType>.
]]></format>
</remarks>
<exception cref="T:System.ArgumentException">
<paramref name="innerStream" /> is not readable.
-or-
<paramref name="innerStream" /> is not writable.</exception>
<exception cref="T:System.ArgumentNullException">
<paramref name="innerStream" /> is <see langword="null" />.
-or-
<paramref name="innerStream" /> is equal to <see cref="F:System.IO.Stream.Null" />.</exception>
</Docs>
</Member>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public SslStream (System.IO.Stream innerStream, bool leaveInnerStreamOpen);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(class System.IO.Stream innerStream, bool leaveInnerStreamOpen) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslStream.#ctor(System.IO.Stream,System.Boolean)" />
<MemberSignature Language="VB.NET" Value="Public Sub New (innerStream As Stream, leaveInnerStreamOpen As Boolean)" />
<MemberSignature Language="F#" Value="new System.Net.Security.SslStream : System.IO.Stream * bool -> System.Net.Security.SslStream" Usage="new System.Net.Security.SslStream (innerStream, leaveInnerStreamOpen)" />
<MemberSignature Language="C++ CLI" Value="public:
 SslStream(System::IO::Stream ^ innerStream, bool leaveInnerStreamOpen);" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
<AssemblyVersion>4.1.0.0</AssemblyVersion>
<AssemblyVersion>4.1.1.0</AssemblyVersion>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
<AssemblyVersion>10.0.0.0</AssemblyVersion>
<AssemblyVersion>11.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>System</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>netstandard</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.1.0.0</AssemblyVersion>
</AssemblyInfo>
<Attributes>
<Attribute FrameworkAlternate="netframework-4.0">
<AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")>]</AttributeName>
</Attribute>
</Attributes>
<Parameters>
<Parameter Name="innerStream" Type="System.IO.Stream" />
<Parameter Name="leaveInnerStreamOpen" Type="System.Boolean" />
</Parameters>
<Docs>
<param name="innerStream">A <see cref="T:System.IO.Stream" /> object used by the <see cref="T:System.Net.Security.SslStream" /> for sending and receiving data.</param>
<param name="leaveInnerStreamOpen">A Boolean value that indicates the closure behavior of the <see cref="T:System.IO.Stream" /> object used by the <see cref="T:System.Net.Security.SslStream" /> for sending and receiving data. This parameter indicates if the inner stream is left open.</param>
<summary>Initializes a new instance of the <see cref="T:System.Net.Security.SslStream" /> class using the specified <see cref="T:System.IO.Stream" /> and stream closure behavior.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
When you specify `true` for the `leaveStreamOpen` parameter, closing the <xref:System.Net.Security.SslStream> has no effect on the `innerStream` stream; you must explicitly close `innerStream` when you no longer need it.
If a value is not specified in the configuration file for encryptionpolicy, the <xref:System.Net.Security.EncryptionPolicy> defaults to <xref:System.Net.Security.EncryptionPolicy.RequireEncryption?displayProperty=nameWithType> for the <xref:System.Net.Security.SslStream> instance that is constructed.
The use of the Null cipher is required when the encryption policy is set to <xref:System.Net.Security.EncryptionPolicy.NoEncryption?displayProperty=nameWithType>.
## Examples
The following code example demonstrates calling this constructor.
:::code language="csharp" source="~/snippets/csharp/System.Net.Security/SslStream/Overview/serversync.cs" id="Snippet1":::
:::code language="vb" source="~/snippets/visualbasic/System.Net.Security/SslStream/Overview/serversync.vb" id="Snippet1":::
]]></format>
</remarks>
<exception cref="T:System.ArgumentException">
<paramref name="innerStream" /> is not readable.
-or-
<paramref name="innerStream" /> is not writable.</exception>
<exception cref="T:System.ArgumentNullException">
<paramref name="innerStream" /> is <see langword="null" />.
-or-
<paramref name="innerStream" /> is equal to <see cref="F:System.IO.Stream.Null" />.</exception>
</Docs>
</Member>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public SslStream (System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback? userCertificateValidationCallback);" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(class System.IO.Stream innerStream, bool leaveInnerStreamOpen, class System.Net.Security.RemoteCertificateValidationCallback userCertificateValidationCallback) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslStream.#ctor(System.IO.Stream,System.Boolean,System.Net.Security.RemoteCertificateValidationCallback)" />
<MemberSignature Language="VB.NET" Value="Public Sub New (innerStream As Stream, leaveInnerStreamOpen As Boolean, userCertificateValidationCallback As RemoteCertificateValidationCallback)" />
<MemberSignature Language="F#" Value="new System.Net.Security.SslStream : System.IO.Stream * bool * System.Net.Security.RemoteCertificateValidationCallback -> System.Net.Security.SslStream" Usage="new System.Net.Security.SslStream (innerStream, leaveInnerStreamOpen, userCertificateValidationCallback)" />
<MemberSignature Language="C++ CLI" Value="public:
 SslStream(System::IO::Stream ^ innerStream, bool leaveInnerStreamOpen, System::Net::Security::RemoteCertificateValidationCallback ^ userCertificateValidationCallback);" />
<MemberSignature Language="C#" Value="public SslStream (System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback userCertificateValidationCallback);" FrameworkAlternate="netcore-1.0;netcore-1.1;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
<AssemblyVersion>4.1.0.0</AssemblyVersion>
<AssemblyVersion>4.1.1.0</AssemblyVersion>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
<AssemblyVersion>10.0.0.0</AssemblyVersion>
<AssemblyVersion>11.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>System</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>netstandard</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.1.0.0</AssemblyVersion>
</AssemblyInfo>
<Attributes>
<Attribute FrameworkAlternate="netframework-4.0">
<AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")>]</AttributeName>
</Attribute>
</Attributes>
<Parameters>
<Parameter Name="innerStream" Type="System.IO.Stream" />
<Parameter Name="leaveInnerStreamOpen" Type="System.Boolean" />
<Parameter Name="userCertificateValidationCallback" Type="System.Net.Security.RemoteCertificateValidationCallback">
<Attributes>
<Attribute FrameworkAlternate="net-10.0;net-11.0;net-8.0;net-9.0">
<AttributeName Language="C#">[System.Runtime.CompilerServices.Nullable(2)]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.CompilerServices.Nullable(2)>]</AttributeName>
</Attribute>
</Attributes>
</Parameter>
</Parameters>
<Docs>
<param name="innerStream">A <see cref="T:System.IO.Stream" /> object used by the <see cref="T:System.Net.Security.SslStream" /> for sending and receiving data.</param>
<param name="leaveInnerStreamOpen">A Boolean value that indicates the closure behavior of the <see cref="T:System.IO.Stream" /> object used by the <see cref="T:System.Net.Security.SslStream" /> for sending and receiving data. This parameter indicates if the inner stream is left open.</param>
<param name="userCertificateValidationCallback">A <see cref="T:System.Net.Security.RemoteCertificateValidationCallback" /> delegate responsible for validating the certificate supplied by the remote party.</param>
<summary>Initializes a new instance of the <see cref="T:System.Net.Security.SslStream" /> class using the specified <see cref="T:System.IO.Stream" />, stream closure behavior and certificate validation delegate.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
When you specify `true` for the `leaveStreamOpen` parameter, closing the <xref:System.Net.Security.SslStream> has no effect on the `innerStream` stream; you must explicitly close `innerStream` when you no longer need it.
The `userCertificateValidationCallback` delegate's `certificateErrors` argument contains any Windows error codes returned by the channel Security Support Provider Interface (SSPI). The return value of the method invoked by the `userCertificateValidationCallback` delegate determines whether authentication succeeds.
The security protocol and cryptographic algorithms are already selected when the `userCertificateValidationCallback` delegate's method is invoked. You can use the method to determine whether the selected cryptographic algorithms and strengths are sufficient for your application. If not, the method should return `false` to prevent the <xref:System.Net.Security.SslStream> from being created.
If a value is not specified in the configuration file for encryptionpolicy, the <xref:System.Net.Security.EncryptionPolicy> defaults to <xref:System.Net.Security.EncryptionPolicy.RequireEncryption?displayProperty=nameWithType> for the <xref:System.Net.Security.SslStream> instance that is constructed.
The use of the Null cipher is required when the encryption policy is set to <xref:System.Net.Security.EncryptionPolicy.NoEncryption?displayProperty=nameWithType>.
> [!NOTE]
> .NET caches SSL sessions as they are created and attempts to reuse a cached session for subsequent requests, if possible. When attempting to reuse an SSL session, the Framework uses the first element of the <xref:System.Security.Cryptography.X509Certificates.X509Certificate2Collection> provided during authentication (if there is one), or tries to reuse an anonymous sessions if the certificate collection is empty.
> [!NOTE]
> Client certificates are not supported in the SSL version 2 protocol.
## Examples
The following code example creates an <xref:System.Net.Security.SslStream> and initiates the client portion of the authentication.
:::code language="csharp" source="~/snippets/csharp/System.Net.Security/RemoteCertificateValidationCallback/Overview/clientsync.cs" id="Snippet4":::
:::code language="vb" source="~/snippets/visualbasic/System.Net.Security/SslStream/Overview/clientsync.vb" id="Snippet4":::
]]></format>
</remarks>
<exception cref="T:System.ArgumentException">
<paramref name="innerStream" /> is not readable.
-or-
<paramref name="innerStream" /> is not writable.</exception>
<exception cref="T:System.ArgumentNullException">
<paramref name="innerStream" /> is <see langword="null" />.
-or-
<paramref name="innerStream" /> is equal to <see cref="F:System.IO.Stream.Null" />.</exception>
</Docs>
</Member>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public SslStream (System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback? userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback? userCertificateSelectionCallback);" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(class System.IO.Stream innerStream, bool leaveInnerStreamOpen, class System.Net.Security.RemoteCertificateValidationCallback userCertificateValidationCallback, class System.Net.Security.LocalCertificateSelectionCallback userCertificateSelectionCallback) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslStream.#ctor(System.IO.Stream,System.Boolean,System.Net.Security.RemoteCertificateValidationCallback,System.Net.Security.LocalCertificateSelectionCallback)" />
<MemberSignature Language="VB.NET" Value="Public Sub New (innerStream As Stream, leaveInnerStreamOpen As Boolean, userCertificateValidationCallback As RemoteCertificateValidationCallback, userCertificateSelectionCallback As LocalCertificateSelectionCallback)" />
<MemberSignature Language="F#" Value="new System.Net.Security.SslStream : System.IO.Stream * bool * System.Net.Security.RemoteCertificateValidationCallback * System.Net.Security.LocalCertificateSelectionCallback -> System.Net.Security.SslStream" Usage="new System.Net.Security.SslStream (innerStream, leaveInnerStreamOpen, userCertificateValidationCallback, userCertificateSelectionCallback)" />
<MemberSignature Language="C++ CLI" Value="public:
 SslStream(System::IO::Stream ^ innerStream, bool leaveInnerStreamOpen, System::Net::Security::RemoteCertificateValidationCallback ^ userCertificateValidationCallback, System::Net::Security::LocalCertificateSelectionCallback ^ userCertificateSelectionCallback);" />
<MemberSignature Language="C#" Value="public SslStream (System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback userCertificateSelectionCallback);" FrameworkAlternate="netcore-1.0;netcore-1.1;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
<AssemblyVersion>4.1.0.0</AssemblyVersion>
<AssemblyVersion>4.1.1.0</AssemblyVersion>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
<AssemblyVersion>10.0.0.0</AssemblyVersion>
<AssemblyVersion>11.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>System</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>netstandard</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.1.0.0</AssemblyVersion>
</AssemblyInfo>
<Attributes>
<Attribute FrameworkAlternate="netframework-4.0">
<AttributeName Language="C#">[System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.TargetedPatchingOptOut("Performance critical to inline this type of method across NGen image boundaries")>]</AttributeName>
</Attribute>
</Attributes>
<Parameters>
<Parameter Name="innerStream" Type="System.IO.Stream">
<Attributes>
<Attribute FrameworkAlternate="net-10.0;net-11.0;net-8.0;net-9.0">
<AttributeName Language="C#">[System.Runtime.CompilerServices.Nullable(1)]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.CompilerServices.Nullable(1)>]</AttributeName>
</Attribute>
</Attributes>
</Parameter>
<Parameter Name="leaveInnerStreamOpen" Type="System.Boolean" />
<Parameter Name="userCertificateValidationCallback" Type="System.Net.Security.RemoteCertificateValidationCallback" />
<Parameter Name="userCertificateSelectionCallback" Type="System.Net.Security.LocalCertificateSelectionCallback" />
</Parameters>
<Docs>
<param name="innerStream">A <see cref="T:System.IO.Stream" /> object used by the <see cref="T:System.Net.Security.SslStream" /> for sending and receiving data.</param>
<param name="leaveInnerStreamOpen">A Boolean value that indicates the closure behavior of the <see cref="T:System.IO.Stream" /> object used by the <see cref="T:System.Net.Security.SslStream" /> for sending and receiving data. This parameter indicates if the inner stream is left open.</param>
<param name="userCertificateValidationCallback">A <see cref="T:System.Net.Security.RemoteCertificateValidationCallback" /> delegate responsible for validating the certificate supplied by the remote party.</param>
<param name="userCertificateSelectionCallback">A <see cref="T:System.Net.Security.LocalCertificateSelectionCallback" /> delegate responsible for selecting the certificate used for authentication.</param>
<summary>Initializes a new instance of the <see cref="T:System.Net.Security.SslStream" /> class using the specified <see cref="T:System.IO.Stream" />, stream closure behavior, certificate validation delegate and certificate selection delegate.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
When you specify `true` for the `leaveStreamOpen` parameter, closing the <xref:System.Net.Security.SslStream> has no effect on the `innerStream` stream; you must explicitly close `innerStream` when you no longer need it.
The `userCertificateValidationCallback` delegate's `certificateErrors` argument contains any Windows error codes returned by the channel Security Support Provider Interface (SSPI). The return value of the method invoked by the `userCertificateValidationCallback` delegate determines whether authentication succeeds.
The security protocol and cryptographic algorithms are already selected when the `userCertificateValidationCallback` delegate's method is invoked. You can use the method to determine whether the selected cryptographic algorithms and strengths are sufficient for your application. If not, the method should return `false` to prevent the <xref:System.Net.Security.SslStream> from being created.
The `userCertificateSelectionCallback` delegate is useful when your application has multiple certificates and must dynamically choose a certificate. Certificates in the "MY" store are passed to the method invoked by the delegate.
If a value is not specified in the configuration file for encryptionpolicy, the <xref:System.Net.Security.EncryptionPolicy> defaults to <xref:System.Net.Security.EncryptionPolicy.RequireEncryption?displayProperty=nameWithType> for the <xref:System.Net.Security.SslStream> instance that is constructed.
The use of the Null cipher is required when the encryption policy is set to <xref:System.Net.Security.EncryptionPolicy.NoEncryption?displayProperty=nameWithType>.
> [!NOTE]
> .NET caches SSL sessions as they are created and attempts to reuse a cached session for subsequent requests, if possible. When attempting to reuse an SSL session, the Framework uses the first element of the <xref:System.Security.Cryptography.X509Certificates.X509Certificate2Collection> provided during authentication (if there is one), or tries to reuse an anonymous sessions if the certificate collection is empty.
## Examples
The following code example demonstrates calling this constructor. This example is part of a larger example provided for the <xref:System.Net.Security.SslStream> class.
:::code language="csharp" source="~/snippets/csharp/System.Net.Security/LocalCertificateSelectionCallback/Overview/clientasync.cs" id="Snippet6":::
:::code language="vb" source="~/snippets/visualbasic/System.Net.Security/SslStream/.ctor/clientasync.vb" id="Snippet6":::
]]></format>
</remarks>
<exception cref="T:System.ArgumentException">
<paramref name="innerStream" /> is not readable.
-or-
<paramref name="innerStream" /> is not writable.</exception>
<exception cref="T:System.ArgumentNullException">
<paramref name="innerStream" /> is <see langword="null" />.
-or-
<paramref name="innerStream" /> is equal to <see cref="F:System.IO.Stream.Null" />.</exception>
</Docs>
</Member>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public SslStream (System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback? userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback? userCertificateSelectionCallback, System.Net.Security.EncryptionPolicy encryptionPolicy);" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(class System.IO.Stream innerStream, bool leaveInnerStreamOpen, class System.Net.Security.RemoteCertificateValidationCallback userCertificateValidationCallback, class System.Net.Security.LocalCertificateSelectionCallback userCertificateSelectionCallback, valuetype System.Net.Security.EncryptionPolicy encryptionPolicy) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslStream.#ctor(System.IO.Stream,System.Boolean,System.Net.Security.RemoteCertificateValidationCallback,System.Net.Security.LocalCertificateSelectionCallback,System.Net.Security.EncryptionPolicy)" />
<MemberSignature Language="VB.NET" Value="Public Sub New (innerStream As Stream, leaveInnerStreamOpen As Boolean, userCertificateValidationCallback As RemoteCertificateValidationCallback, userCertificateSelectionCallback As LocalCertificateSelectionCallback, encryptionPolicy As EncryptionPolicy)" />
<MemberSignature Language="F#" Value="new System.Net.Security.SslStream : System.IO.Stream * bool * System.Net.Security.RemoteCertificateValidationCallback * System.Net.Security.LocalCertificateSelectionCallback * System.Net.Security.EncryptionPolicy -> System.Net.Security.SslStream" Usage="new System.Net.Security.SslStream (innerStream, leaveInnerStreamOpen, userCertificateValidationCallback, userCertificateSelectionCallback, encryptionPolicy)" />
<MemberSignature Language="C++ CLI" Value="public:
 SslStream(System::IO::Stream ^ innerStream, bool leaveInnerStreamOpen, System::Net::Security::RemoteCertificateValidationCallback ^ userCertificateValidationCallback, System::Net::Security::LocalCertificateSelectionCallback ^ userCertificateSelectionCallback, System::Net::Security::EncryptionPolicy encryptionPolicy);" />
<MemberSignature Language="C#" Value="public SslStream (System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback userCertificateSelectionCallback, System.Net.Security.EncryptionPolicy encryptionPolicy);" FrameworkAlternate="netcore-1.0;netcore-1.1;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
<AssemblyVersion>4.1.0.0</AssemblyVersion>
<AssemblyVersion>4.1.1.0</AssemblyVersion>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
<AssemblyVersion>10.0.0.0</AssemblyVersion>
<AssemblyVersion>11.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>System</AssemblyName>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>netstandard</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.1.0.0</AssemblyVersion>
</AssemblyInfo>
<Parameters>
<Parameter Name="innerStream" Type="System.IO.Stream" Index="0" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-1.0;netcore-1.1;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1">
<Attributes>
<Attribute FrameworkAlternate="net-10.0;net-11.0;net-8.0;net-9.0">
<AttributeName Language="C#">[System.Runtime.CompilerServices.Nullable(1)]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.CompilerServices.Nullable(1)>]</AttributeName>
</Attribute>
</Attributes>
</Parameter>
<Parameter Name="leaveInnerStreamOpen" Type="System.Boolean" Index="1" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-1.0;netcore-1.1;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1" />
<Parameter Name="userCertificateValidationCallback" Type="System.Net.Security.RemoteCertificateValidationCallback" Index="2" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-1.0;netcore-1.1;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1" />
<Parameter Name="userCertificateSelectionCallback" Type="System.Net.Security.LocalCertificateSelectionCallback" Index="3" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-1.0;netcore-1.1;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1" />
<Parameter Name="encryptionPolicy" Type="System.Net.Security.EncryptionPolicy" Index="4" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-1.0;netcore-1.1;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1" />
</Parameters>
<Docs>
<param name="innerStream">A <see cref="T:System.IO.Stream" /> object used by the <see cref="T:System.Net.Security.SslStream" /> for sending and receiving data.</param>
<param name="leaveInnerStreamOpen">A Boolean value that indicates the closure behavior of the <see cref="T:System.IO.Stream" /> object used by the <see cref="T:System.Net.Security.SslStream" /> for sending and receiving data. This parameter indicates if the inner stream is left open.</param>
<param name="userCertificateValidationCallback">A <see cref="T:System.Net.Security.RemoteCertificateValidationCallback" /> delegate responsible for validating the certificate supplied by the remote party.</param>
<param name="userCertificateSelectionCallback">A <see cref="T:System.Net.Security.LocalCertificateSelectionCallback" /> delegate responsible for selecting the certificate used for authentication.</param>
<param name="encryptionPolicy">The <see cref="T:System.Net.Security.EncryptionPolicy" /> to use.</param>
<summary>Initializes a new instance of the <see cref="T:System.Net.Security.SslStream" /> class using the specified <see cref="T:System.IO.Stream" />.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
The use of the Null cipher is required when the `encryptionPolicy` parameter is set to <xref:System.Net.Security.EncryptionPolicy.NoEncryption?displayProperty=nameWithType>.
]]></format>
</remarks>
<exception cref="T:System.ArgumentException">
<paramref name="innerStream" /> is not readable.
-or-
<paramref name="innerStream" /> is not writable.
-or-
<paramref name="encryptionPolicy" /> is not valid.</exception>
<exception cref="T:System.ArgumentNullException">
<paramref name="innerStream" /> is <see langword="null" />.
-or-
<paramref name="innerStream" /> is equal to <see cref="F:System.IO.Stream.Null" />.</exception>
</Docs>
</Member>
<MemberGroup MemberName="AuthenticateAsClient">
<AssemblyInfo>
<AssemblyName>System</AssemblyName>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Docs>
<summary>Authenticate the client side of a client-server connection.</summary>
</Docs>
</MemberGroup>
<Member MemberName="AuthenticateAsClient">
<MemberSignature Language="C#" Value="public void AuthenticateAsClient (System.Net.Security.SslClientAuthenticationOptions sslClientAuthenticationOptions);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig instance void AuthenticateAsClient(class System.Net.Security.SslClientAuthenticationOptions sslClientAuthenticationOptions) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslStream.AuthenticateAsClient(System.Net.Security.SslClientAuthenticationOptions)" />
<MemberSignature Language="VB.NET" Value="Public Sub AuthenticateAsClient (sslClientAuthenticationOptions As SslClientAuthenticationOptions)" />
<MemberSignature Language="F#" Value="member this.AuthenticateAsClient : System.Net.Security.SslClientAuthenticationOptions -> unit" Usage="sslStream.AuthenticateAsClient sslClientAuthenticationOptions" />
<MemberSignature Language="C++ CLI" Value="public:
 void AuthenticateAsClient(System::Net::Security::SslClientAuthenticationOptions ^ sslClientAuthenticationOptions);" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
<AssemblyVersion>10.0.0.0</AssemblyVersion>
<AssemblyVersion>11.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>netstandard</AssemblyName>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="sslClientAuthenticationOptions" Type="System.Net.Security.SslClientAuthenticationOptions" Index="0" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0" />
</Parameters>
<Docs>
<param name="sslClientAuthenticationOptions">The property bag for the SSL connection.</param>
<summary>Authenticates the server and optionally the client in a client-server connection.</summary>
<remarks>
<format type="text/markdown"><] No client certificates are used in the authentication. The certificate revocation list is not checked during authentication. The value specified for `targetHost` must match the name on the server's certificate.
When authentication succeeds, you must check the <xref:System.Net.Security.SslStream.IsEncrypted%2A> and <xref:System.Net.Security.SslStream.IsSigned%2A> properties to determine what security services are used by the <xref:System.Net.Security.SslStream>. Check the <xref:System.Net.Security.SslStream.IsMutuallyAuthenticated> property to determine whether mutual authentication occurred.
If the authentication fails, you receive a <xref:System.Security.Authentication.AuthenticationException>, and this <xref:System.Net.Security.SslStream> is no longer useable. You should close this object and remove all references to it so that it can be collected by the garbage collector.
]]></format>
</remarks>
<exception cref="T:System.ArgumentNullException">
<paramref name="sslClientAuthenticationOptions" /> is <see langword="null" />.</exception>
<exception cref="T:System.Security.Authentication.AuthenticationException">The authentication failed and left this object in an unusable state.</exception>
<exception cref="T:System.InvalidOperationException">Authentication has already occurred.
-or-
Server authentication using this <see cref="T:System.Net.Security.SslStream" /> was tried previously.
-or-
Authentication is already in progress.</exception>
<exception cref="T:System.ObjectDisposedException">This object has been closed.</exception>
</Docs>
</Member>
<Member MemberName="AuthenticateAsClient">
<MemberSignature Language="C#" Value="public virtual void AuthenticateAsClient (string targetHost);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig newslot virtual instance void AuthenticateAsClient(string targetHost) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslStream.AuthenticateAsClient(System.String)" />
<MemberSignature Language="VB.NET" Value="Public Overridable Sub AuthenticateAsClient (targetHost As String)" />
<MemberSignature Language="F#" Value="abstract member AuthenticateAsClient : string -> unit
override this.AuthenticateAsClient : string -> unit" Usage="sslStream.AuthenticateAsClient targetHost" />
<MemberSignature Language="C++ CLI" Value="public:
 virtual void AuthenticateAsClient(System::String ^ targetHost);" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>netstandard</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.1.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>4.1.0.0</AssemblyVersion>
<AssemblyVersion>4.1.1.0</AssemblyVersion>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
<AssemblyVersion>10.0.0.0</AssemblyVersion>
<AssemblyVersion>11.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="targetHost" Type="System.String" Index="0" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1" />
</Parameters>
<Docs>
<param name="targetHost">The name of the server that shares this <see cref="T:System.Net.Security.SslStream" />.</param>
<summary>Called by clients to authenticate the server and optionally the client in a client-server connection.</summary>
<remarks>
<format type="text/markdown"><] No client certificates are used in the authentication. The certificate revocation list is not checked during authentication. The value specified for `targetHost` must match the name on the server's certificate.
When authentication succeeds, you must check the <xref:System.Net.Security.SslStream.IsEncrypted%2A> and <xref:System.Net.Security.SslStream.IsSigned%2A> properties to determine what security services are used by the <xref:System.Net.Security.SslStream>. Check the <xref:System.Net.Security.SslStream.IsMutuallyAuthenticated> property to determine whether mutual authentication occurred.
If the authentication fails, you receive a <xref:System.Security.Authentication.AuthenticationException>, and this <xref:System.Net.Security.SslStream> is no longer useable. You should close this object and remove all references to it so that it can be collected by the garbage collector.
]]></format>
</remarks>
<exception cref="T:System.ArgumentNullException">
<paramref name="targetHost" /> is <see langword="null" />.</exception>
<exception cref="T:System.Security.Authentication.AuthenticationException">The authentication failed and left this object in an unusable state.</exception>
<exception cref="T:System.InvalidOperationException">Authentication has already occurred.
-or-
Server authentication using this <see cref="T:System.Net.Security.SslStream" /> was tried previously.
-or-
Authentication is already in progress.</exception>
<exception cref="T:System.ObjectDisposedException">This object has been closed.</exception>
</Docs>
</Member>
<Member MemberName="AuthenticateAsClient">
<MemberSignature Language="C#" Value="public virtual void AuthenticateAsClient (string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection? clientCertificates, bool checkCertificateRevocation);" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig newslot virtual instance void AuthenticateAsClient(string targetHost, class System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, bool checkCertificateRevocation) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslStream.AuthenticateAsClient(System.String,System.Security.Cryptography.X509Certificates.X509CertificateCollection,System.Boolean)" />
<MemberSignature Language="VB.NET" Value="Public Overridable Sub AuthenticateAsClient (targetHost As String, clientCertificates As X509CertificateCollection, checkCertificateRevocation As Boolean)" />
<MemberSignature Language="F#" Value="abstract member AuthenticateAsClient : string * System.Security.Cryptography.X509Certificates.X509CertificateCollection * bool -> unit
override this.AuthenticateAsClient : string * System.Security.Cryptography.X509Certificates.X509CertificateCollection * bool -> unit" Usage="sslStream.AuthenticateAsClient (targetHost, clientCertificates, checkCertificateRevocation)" />
<MemberSignature Language="C++ CLI" Value="public:
 virtual void AuthenticateAsClient(System::String ^ targetHost, System::Security::Cryptography::X509Certificates::X509CertificateCollection ^ clientCertificates, bool checkCertificateRevocation);" />
<MemberSignature Language="C#" Value="public virtual void AuthenticateAsClient (string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, bool checkCertificateRevocation);" FrameworkAlternate="netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.1" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>4.1.0.0</AssemblyVersion>
<AssemblyVersion>4.1.1.0</AssemblyVersion>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
<AssemblyVersion>10.0.0.0</AssemblyVersion>
<AssemblyVersion>11.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>netstandard</AssemblyName>
<AssemblyVersion>2.1.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="targetHost" Type="System.String" Index="0" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.1" />
<Parameter Name="clientCertificates" Type="System.Security.Cryptography.X509Certificates.X509CertificateCollection" Index="1" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.1">
<Attributes>
<Attribute FrameworkAlternate="net-10.0;net-11.0;net-8.0;net-9.0">
<AttributeName Language="C#">[System.Runtime.CompilerServices.Nullable(2)]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.CompilerServices.Nullable(2)>]</AttributeName>
</Attribute>
</Attributes>
</Parameter>
<Parameter Name="checkCertificateRevocation" Type="System.Boolean" Index="2" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.1" />
</Parameters>
<Docs>
<param name="targetHost">The name of the server that will share this <see cref="T:System.Net.Security.SslStream" />.</param>
<param name="clientCertificates">The <see cref="T:System.Security.Cryptography.X509Certificates.X509CertificateCollection" /> that contains client certificates.</param>
<param name="checkCertificateRevocation">A <see cref="T:System.Boolean" /> value that specifies whether the certificate revocation list is checked during authentication.</param>
<summary>Called by clients to authenticate the server and optionally the client in a client-server connection. The authentication process uses the specified certificate collection, and the system default SSL protocol.</summary>
<remarks>
<format type="text/markdown"><]
When authentication succeeds, you must check the <xref:System.Net.Security.SslStream.IsEncrypted%2A> and <xref:System.Net.Security.SslStream.IsSigned%2A> properties to determine what security services are used by the <xref:System.Net.Security.SslStream>. Check the <xref:System.Net.Security.SslStream.IsMutuallyAuthenticated> property to determine whether mutual authentication occurred.
If the authentication fails, you receive a <xref:System.Security.Authentication.AuthenticationException>, and this <xref:System.Net.Security.SslStream> is no longer useable. You should close this object and remove all references to it so that it can be collected by the garbage collector.
> [!NOTE]
> Client certificates are not supported in the SSL version 2 protocol.
]]></format>
</remarks>
</Docs>
</Member>
<Member MemberName="AuthenticateAsClient">
<MemberSignature Language="C#" Value="public virtual void AuthenticateAsClient (string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection? clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig newslot virtual instance void AuthenticateAsClient(string targetHost, class System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, valuetype System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslStream.AuthenticateAsClient(System.String,System.Security.Cryptography.X509Certificates.X509CertificateCollection,System.Security.Authentication.SslProtocols,System.Boolean)" />
<MemberSignature Language="VB.NET" Value="Public Overridable Sub AuthenticateAsClient (targetHost As String, clientCertificates As X509CertificateCollection, enabledSslProtocols As SslProtocols, checkCertificateRevocation As Boolean)" />
<MemberSignature Language="F#" Value="abstract member AuthenticateAsClient : string * System.Security.Cryptography.X509Certificates.X509CertificateCollection * System.Security.Authentication.SslProtocols * bool -> unit
override this.AuthenticateAsClient : string * System.Security.Cryptography.X509Certificates.X509CertificateCollection * System.Security.Authentication.SslProtocols * bool -> unit" Usage="sslStream.AuthenticateAsClient (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation)" />
<MemberSignature Language="C++ CLI" Value="public:
 virtual void AuthenticateAsClient(System::String ^ targetHost, System::Security::Cryptography::X509Certificates::X509CertificateCollection ^ clientCertificates, System::Security::Authentication::SslProtocols enabledSslProtocols, bool checkCertificateRevocation);" />
<MemberSignature Language="C#" Value="public virtual void AuthenticateAsClient (string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);" FrameworkAlternate="netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>netstandard</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.1.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>4.1.0.0</AssemblyVersion>
<AssemblyVersion>4.1.1.0</AssemblyVersion>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
<AssemblyVersion>10.0.0.0</AssemblyVersion>
<AssemblyVersion>11.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="targetHost" Type="System.String" Index="0" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1" />
<Parameter Name="clientCertificates" Type="System.Security.Cryptography.X509Certificates.X509CertificateCollection" Index="1" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1">
<Attributes>
<Attribute FrameworkAlternate="net-10.0;net-11.0;net-8.0;net-9.0">
<AttributeName Language="C#">[System.Runtime.CompilerServices.Nullable(2)]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.CompilerServices.Nullable(2)>]</AttributeName>
</Attribute>
</Attributes>
</Parameter>
<Parameter Name="enabledSslProtocols" Type="System.Security.Authentication.SslProtocols" Index="2" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1" />
<Parameter Name="checkCertificateRevocation" Type="System.Boolean" Index="3" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-2.0;netframework-3.0;netframework-3.5;netframework-4.0;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1" />
</Parameters>
<Docs>
<param name="targetHost">The name of the server that will share this <see cref="T:System.Net.Security.SslStream" />.</param>
<param name="clientCertificates">The <see cref="T:System.Security.Cryptography.X509Certificates.X509CertificateCollection" /> that contains client certificates.</param>
<param name="enabledSslProtocols">The <see cref="T:System.Security.Authentication.SslProtocols" /> value that represents protocols used for authentication.</param>
<param name="checkCertificateRevocation">A <see cref="T:System.Boolean" /> value that specifies whether the certificate revocation list is checked during authentication.</param>
<summary>Called by clients to authenticate the server and optionally the client in a client-server connection. The authentication process uses the specified certificate collection and SSL protocol.</summary>
<remarks>
<format type="text/markdown"><]
When authentication succeeds, you must check the <xref:System.Net.Security.SslStream.IsEncrypted%2A> and <xref:System.Net.Security.SslStream.IsSigned%2A> properties to determine what security services are used by the <xref:System.Net.Security.SslStream>. Check the <xref:System.Net.Security.SslStream.IsMutuallyAuthenticated> property to determine whether mutual authentication occurred.
If the authentication fails, you receive a <xref:System.Security.Authentication.AuthenticationException>, and this <xref:System.Net.Security.SslStream> is no longer useable. You should close this object and remove all references to it so that it can be collected by the garbage collector.
> [!NOTE]
> Client certificates are not supported in the SSL version 2 protocol.
]]></format>
</remarks>
</Docs>
</Member>
<MemberGroup MemberName="AuthenticateAsClientAsync">
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
<AssemblyVersion>4.1.0.0</AssemblyVersion>
</AssemblyInfo>
<Docs>
<summary>Authenticate the client side of a client-server connection as an asynchronous operation.</summary>
</Docs>
</MemberGroup>
<Member MemberName="AuthenticateAsClientAsync">
<MemberSignature Language="C#" Value="public virtual System.Threading.Tasks.Task AuthenticateAsClientAsync (string targetHost);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig newslot virtual instance class System.Threading.Tasks.Task AuthenticateAsClientAsync(string targetHost) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslStream.AuthenticateAsClientAsync(System.String)" />
<MemberSignature Language="VB.NET" Value="Public Overridable Function AuthenticateAsClientAsync (targetHost As String) As Task" />
<MemberSignature Language="F#" Value="abstract member AuthenticateAsClientAsync : string -> System.Threading.Tasks.Task
override this.AuthenticateAsClientAsync : string -> System.Threading.Tasks.Task" Usage="sslStream.AuthenticateAsClientAsync targetHost" />
<MemberSignature Language="C++ CLI" Value="public:
 virtual System::Threading::Tasks::Task ^ AuthenticateAsClientAsync(System::String ^ targetHost);" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
<AssemblyVersion>4.1.0.0</AssemblyVersion>
<AssemblyVersion>4.1.1.0</AssemblyVersion>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
<AssemblyVersion>10.0.0.0</AssemblyVersion>
<AssemblyVersion>11.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>System</AssemblyName>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>netstandard</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.1.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Threading.Tasks.Task</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="targetHost" Type="System.String" Index="0" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-1.0;netcore-1.1;netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-4.5;netframework-4.5.1;netframework-4.5.2;netframework-4.6;netframework-4.6.1;netframework-4.6.2;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.0;netstandard-2.1" />
</Parameters>
<Docs>
<param name="targetHost">The name of the server that shares this <see cref="T:System.Net.Security.SslStream" />.</param>
<summary>Called by clients to authenticate the server and optionally the client in a client-server connection as an asynchronous operation.</summary>
<returns>The task object representing the asynchronous operation.</returns>
<remarks>
<format type="text/markdown"><] No client certificates are used in the authentication. The certificate revocation list is not checked during authentication. The value specified for `targetHost` must match the name on the server's certificate.
When authentication succeeds, you must check the <xref:System.Net.Security.SslStream.IsEncrypted%2A> and <xref:System.Net.Security.SslStream.IsSigned%2A> properties to determine what security services are used by the <xref:System.Net.Security.SslStream>. Check the <xref:System.Net.Security.SslStream.IsMutuallyAuthenticated> property to determine whether mutual authentication occurred.
If the authentication fails, you receive a <xref:System.Security.Authentication.AuthenticationException>, and this <xref:System.Net.Security.SslStream> is no longer useable. You should close this object and remove all references to it so that it can be collected by the garbage collector.
This method stores in the task it returns all non-usage exceptions that the method's synchronous counterpart can throw. If an exception is stored into the returned task, that exception will be thrown when the task is awaited. Usage exceptions, such as <xref:System.ArgumentException>, are still thrown synchronously. For the stored exceptions, see the exceptions thrown by <xref:System.Net.Security.SslStream.AuthenticateAsClient(System.String)>.
]]></format>
</remarks>
<exception cref="T:System.ArgumentNullException">
<paramref name="targetHost" /> is <see langword="null" />.</exception>
<exception cref="T:System.Security.Authentication.AuthenticationException">The authentication failed and left this object in an unusable state.</exception>
<exception cref="T:System.InvalidOperationException">Authentication has already occurred.
-or-
Server authentication using this <see cref="T:System.Net.Security.SslStream" /> was tried previously.
-or-
Authentication is already in progress.</exception>
<exception cref="T:System.ObjectDisposedException">This object has been closed.</exception>
</Docs>
</Member>
<Member MemberName="AuthenticateAsClientAsync">
<MemberSignature Language="C#" Value="public System.Threading.Tasks.Task AuthenticateAsClientAsync (System.Net.Security.SslClientAuthenticationOptions sslClientAuthenticationOptions, System.Threading.CancellationToken cancellationToken = default);" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-3.0;netcore-3.1" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig instance class System.Threading.Tasks.Task AuthenticateAsClientAsync(class System.Net.Security.SslClientAuthenticationOptions sslClientAuthenticationOptions, valuetype System.Threading.CancellationToken cancellationToken) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslStream.AuthenticateAsClientAsync(System.Net.Security.SslClientAuthenticationOptions,System.Threading.CancellationToken)" />
<MemberSignature Language="VB.NET" Value="Public Function AuthenticateAsClientAsync (sslClientAuthenticationOptions As SslClientAuthenticationOptions, Optional cancellationToken As CancellationToken = Nothing) As Task" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-3.0;netcore-3.1" />
<MemberSignature Language="F#" Value="member this.AuthenticateAsClientAsync : System.Net.Security.SslClientAuthenticationOptions * System.Threading.CancellationToken -> System.Threading.Tasks.Task" Usage="sslStream.AuthenticateAsClientAsync (sslClientAuthenticationOptions, cancellationToken)" />
<MemberSignature Language="C#" Value="public System.Threading.Tasks.Task AuthenticateAsClientAsync (System.Net.Security.SslClientAuthenticationOptions sslClientAuthenticationOptions, System.Threading.CancellationToken cancellationToken);" FrameworkAlternate="netcore-2.1;netcore-2.2;netstandard-2.1" />
<MemberSignature Language="VB.NET" Value="Public Function AuthenticateAsClientAsync (sslClientAuthenticationOptions As SslClientAuthenticationOptions, cancellationToken As CancellationToken) As Task" FrameworkAlternate="netcore-2.1;netcore-2.2;netstandard-2.1" />
<MemberSignature Language="C++ CLI" Value="public:
 System::Threading::Tasks::Task ^ AuthenticateAsClientAsync(System::Net::Security::SslClientAuthenticationOptions ^ sslClientAuthenticationOptions, System::Threading::CancellationToken cancellationToken);" FrameworkAlternate="netcore-2.1;netcore-2.2;netstandard-2.1" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System.Net.Security</AssemblyName>
<AssemblyVersion>4.1.1.0</AssemblyVersion>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
<AssemblyVersion>10.0.0.0</AssemblyVersion>
<AssemblyVersion>11.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>netstandard</AssemblyName>
<AssemblyVersion>2.1.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Threading.Tasks.Task</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="sslClientAuthenticationOptions" Type="System.Net.Security.SslClientAuthenticationOptions" Index="0" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netstandard-2.1" />
<Parameter Name="cancellationToken" Type="System.Threading.CancellationToken" Index="1" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netstandard-2.1" />
</Parameters>
<Docs>
<param name="sslClientAuthenticationOptions">The property bag for the SSL connection.</param>
<param name="cancellationToken">The token to monitor for cancellation requests.</param>
<summary>Called by clients to authenticate the server and optionally the client in a client-server connection as an asynchronous operation. The authentication process uses information specified in the <paramref name="sslClientAuthenticationOptions" /> property bag.</summary>
<returns>The task object representing the asynchronous operation.</returns>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
When authentication succeeds, you must check the <xref:System.Net.Security.SslStream.IsEncrypted%2A> and <xref:System.Net.Security.SslStream.IsSigned%2A> properties to determine what security services are used by the <xref:System.Net.Security.SslStream>. Check the <xref:System.Net.Security.SslStream.IsMutuallyAuthenticated> property to determine whether mutual authentication occurred.
If the authentication fails, you receive a <xref:System.Security.Authentication.AuthenticationException>, and this <xref:System.Net.Security.SslStream> is no longer useable. You should close this object and remove all references to it so that it can be collected by the garbage collector.
This method stores in the task it returns all non-usage exceptions that the method's synchronous counterpart can throw. If an exception is stored into the returned task, that exception will be thrown when the task is awaited. Usage exceptions, such as <xref:System.ArgumentException>, are still thrown synchronously. For the stored exceptions, see the exceptions thrown by <xref:System.Net.Security.SslStream.AuthenticateAsClient(System.Net.Security.SslClientAuthenticationOptions)>.
]]></format>
</remarks>
<exception cref="T:System.ArgumentNullException">
<paramref name="sslClientAuthenticationOptions" /> is <see langword="null" />.</exception>
<exception cref="T:System.Security.Authentication.AuthenticationException">The authentication failed and left this object in an unusable state.</exception>
<exception cref="T:System.InvalidOperationException">Authentication has already occurred.
-or-
Server authentication using this <see cref="T:System.Net.Security.SslStream" /> was tried previously.
-or-
Authentication is already in progress.</exception>
<exception cref="T:System.ObjectDisposedException">This object has been closed.</exception>
<exception cref="T:System.OperationCanceledException">The cancellation token was canceled. This exception is stored into the returned task.</exception>
</Docs>
</Member>
<Member MemberName="AuthenticateAsClientAsync">
<MemberSignature Language="C#" Value="public virtual System.Threading.Tasks.Task AuthenticateAsClientAsync (string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection? clientCertificates, bool checkCertificateRevocation);" FrameworkAlternate="net-10.0;net-11.0;net-5.0;net-6.0;net-7.0;net-8.0;net-9.0" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig newslot virtual instance class System.Threading.Tasks.Task AuthenticateAsClientAsync(string targetHost, class System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, bool checkCertificateRevocation) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Net.Security.SslStream.AuthenticateAsClientAsync(System.String,System.Security.Cryptography.X509Certificates.X509CertificateCollection,System.Boolean)" />
<MemberSignature Language="VB.NET" Value="Public Overridable Function AuthenticateAsClientAsync (targetHost As String, clientCertificates As X509CertificateCollection, checkCertificateRevocation As Boolean) As Task" />
<MemberSignature Language="F#" Value="abstract member AuthenticateAsClientAsync : string * System.Security.Cryptography.X509Certificates.X509CertificateCollection * bool -> System.Threading.Tasks.Task
override this.AuthenticateAsClientAsync : string * System.Security.Cryptography.X509Certificates.X509CertificateCollection * bool -> System.Threading.Tasks.Task" Usage="sslStream.AuthenticateAsClientAsync (targetHost, clientCertificates, checkCertificateRevocation)" />
<MemberSignature Language="C++ CLI" Value="public:
 virtual System::Threading::Tasks::Task ^ AuthenticateAsClientAsync(System::String ^ targetHost, System::Security::Cryptography::X509Certificates::X509CertificateCollection ^ clientCertificates, bool checkCertificateRevocation);" />
<MemberSignature Language="C#" Value="public virtual System.Threading.Tasks.Task AuthenticateAsClientAsync (string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, bool checkCertificateRevocation);" FrameworkAlternate="netcore-2.0;netcore-2.1;netcore-2.2;netcore-3.0;netcore-3.1;netframework-4.7;netframework-4.7.1;netframework-4.7.2;netframework-4.8;netframework-4.8.1;netstandard-2.1" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyName>System</AssemblyName>