From 5bda991de3189e2b9191b4687902cc6ea48a888a Mon Sep 17 00:00:00 2001
From: Sebastien Pouliot
Date: Tue, 11 Mar 2014 11:25:03 -0400
Subject: [PATCH] [System] Document the new API for SSL/TLS cipher suites control added in ServicePointManager
---
 .../en/System.Net/CipherSuitesCallback.xml | 11 ++++---
 .../en/System.Net/ServicePointManager.xml | 36 ++++++++++++++++++----
 2 files changed, 36 insertions(+), 11 deletions(-)
diff --git a/mcs/class/System/Documentation/en/System.Net/CipherSuitesCallback.xml b/mcs/class/System/Documentation/en/System.Net/CipherSuitesCallback.xml
index 9831fac80d9..868d1d80fe2 100644
--- a/mcs/class/System/Documentation/en/System.Net/CipherSuitesCallback.xml
+++ b/mcs/class/System/Documentation/en/System.Net/CipherSuitesCallback.xml
@@ -16,10 +16,11 @@ System.Collections.Generic.IEnumerable<System.String>
- To be added.
- To be added.
- To be added.
- To be added.
- To be added.
+ The SSL/TLS protocol version used for the connection.
+ The ordered list of all supported cipher suites.
+ You can provide your own code to filter/re-order the cipher suites to be
+ used for client and/or server side SSL/TLS support.
+ The ordered list of all cipher suites you wish to support.
+ This type is only available in Mono and Xamarin products.
diff --git a/mcs/class/System/Documentation/en/System.Net/ServicePointManager.xml b/mcs/class/System/Documentation/en/System.Net/ServicePointManager.xml
index 6038d387402..ba60c1d24f4 100644
--- a/mcs/class/System/Documentation/en/System.Net/ServicePointManager.xml
+++ b/mcs/class/System/Documentation/en/System.Net/ServicePointManager.xml
@@ -92,9 +92,20 @@ instance. System.Net.CipherSuitesCallback
- To be added.
- To be added.
- To be added.
+ You can filter and/or re-order the ciphers suites that will be sent to the
+ SSL/TLS server by providing your own callback.
+ Your custom delegate or null for the default behaviour.
+ This mechanism cannot be used to add new ciphers. Undefined ciphers will be ignored.
+ This API is only available in Mono and Xamarin products.
+
+ The following example removes weak (export) ciphers from the list that will be offered to the server.
+ ServicePointManager.ClientCipherSuitesCallback += (SecurityProtocolType
+p, IEnumerable<string> allCiphers) => {
+ return from cipher in allCiphers where !cipher.Contains ("EXPORT")
+select cipher;
+ };
+
+
@@ -502,9 +513,22 @@ for it are freed. System.Net.CipherSuitesCallback
- To be added.
- To be added.
- To be added.
+ You can filter and/or re-order the ciphers suites that the SSL/TLS server
+ will accept from a client. The first match for a supported client cipher suite
+ will be used (so the order is important).
+ Your custom delegate or null for the default behaviour.
+ This mechanism cannot be used to add new ciphers. Undefined ciphers will be ignored.
+ This API is only available in Mono and Xamarin products.
+
+ The following example let the server accept AES128 (prefered cipher) or AES256 (allowed cipher) but no other cipher suite.
+ ServicePointManager.ClientCipherSuitesCallback += (SecurityProtocolType
+p, IEnumerable<string> allCiphers) => {
+ string prefix = p == SecurityProtocolType.Tls ? "TLS_" : "SSL_";
+ return new List<string> { prefix + "RSA_WITH_AES_128_CBC_SHA",
+prefix + "RSA_WITH_AES_256_CBC_SHA" };
+ };
+
+
--
2.11.4.GIT