I don't see any obvious hooks in the framework for this, so my guess is
that SslStream just delegates down to the OS - so you'll need to change
it there. With that in mind:

You can force Windows XP+ to only use FIPS compliant protocols - which
would keep RC4 off the list permanently. This may or may not be what you
really want to do (though I think it's the only way to actually be
compliant):
http://support.microsoft.com/kb/811833/en-us

Or, to actually change the negotiation order:
For pre-Vista versions, I think you'll have to resort to some registry
hacking:
http://support.microsoft.com/kb/245030/en-us

but Vista (and Server 2008) has a GPO and/or CryptoNG (unmanaged) to
prioritize the list:
http://msdn2.microsoft.com/en-us/library/bb870930(VS.85).aspx#adding__removing__and_prioritizing_cipher_suites

Note that these are *OS* level changes, though, so other apps would be
affected as well. That may or may not be important for your scenario....


--Mark Brackett

> -----Original Message-----
> From: Discussion of advanced .NET topics. [mailto:ADVANCED-
> [EMAIL PROTECTED] On Behalf Of James Berry
> Sent: Friday, February 01, 2008 12:38 PM
> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM
> Subject: [ADVANCED-DOTNET] Controlling sslstream cipher negotiation
> 
> I need to control sslstream's cipher negotiation so it selects 3DES or
> AES encryption rather than RC4 if at all possible.  I can see how to
> see what sslstream negotiated, but not any way to control the cipher
> selection - can anyone advise?
> 
> ===================================
> This list is hosted by DevelopMentor(r)  http://www.develop.com
> 
> View archives and manage your subscription(s) at
> http://discuss.develop.com
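
An application-level complement to the OS-level settings discussed above, as an added example that is not part of the original thread: after the handshake, inspect what SslStream negotiated and fail closed unless it is 3DES or AES. It does not change what the OS offers or the negotiation order, so a server that insists on RC4 is refused rather than renegotiated; the class name and the `Connect` helper are hypothetical.

```csharp
// Added example, not code from the thread. Host and port come from the
// caller; the allow list mirrors the 3DES/AES requirement in the question.
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

static class StrongCipherClient
{
    // Pure policy check, kept separate so it can be tested without a network.
    public static bool IsAcceptable(CipherAlgorithmType algorithm)
    {
        switch (algorithm)
        {
            case CipherAlgorithmType.TripleDes:
            case CipherAlgorithmType.Aes:
            case CipherAlgorithmType.Aes128:
            case CipherAlgorithmType.Aes192:
            case CipherAlgorithmType.Aes256:
                return true;
            default: // Rc4, Rc2, Des, Null, None, or anything unrecognised
                return false;
        }
    }

    // Completes the handshake, then rejects the session before any
    // application data is written if the cipher is not on the allow list.
    public static SslStream Connect(string host, int port)
    {
        TcpClient tcp = new TcpClient(host, port);
        SslStream ssl = new SslStream(tcp.GetStream(), false);
        try
        {
            ssl.AuthenticateAsClient(host);
            if (!IsAcceptable(ssl.CipherAlgorithm))
                throw new AuthenticationException(
                    "Refusing negotiated cipher " + ssl.CipherAlgorithm +
                    " (" + ssl.CipherStrength + " bits)");
            return ssl;
        }
        catch
        {
            ssl.Dispose(); // also closes the underlying NetworkStream
            tcp.Close();
            throw;
        }
    }
}
```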
