> From: [email protected] [mailto:mono-list-
> [email protected]] On Behalf Of cocowalla
>
> I'm using ServiceStack.NET, self-hosted, which uses HttpListener under the
> hood.
>
> For security reasons, I want to disable SSL v2 and v3, and enable TLS 1.2.
>
> On Windows, Schannel is used for SSL/TLS support, and protocol support is
> configured by changing registry entries under
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProvid
> ers\SCHANNEL\Protocols
>
> How can I enable/disable support for SSL/TLS protocols on Mono?
Requires mono >= 3.4.0.
Here is a snippet of code I use. Obviously modify for your own purposes.
#if LINUX
// The selection of CipherSuites is not available in
windows. Thank you mono! :-)
// New in mono 3.4.0
ServicePointManager.ServerCipherSuitesCallback +=
(SecurityProtocolType p, IEnumerable<string> allCiphers) => {
// See
https://github.com/mosa/Mono-Class-Libraries/blob/master/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
// And
http://iosapi.xamarin.com/?link=P%3aSystem.Net.ServicePointManager.ClientCipherSuitesCallback
// And
http://iosapi.xamarin.com/?link=P%3aSystem.Net.ServicePointManager.ServerCipherSuitesCallback
//
// I am hard-coding the use of TLS. No SSL.
return new List<string> {
// First match wins. So order matters.
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_3DES_EDE_CBC_SHA"
/* Not using any of these:
* TLS_RSA_WITH_RC4_128_SHA
* TLS_RSA_WITH_RC4_128_MD5
* TLS_RSA_WITH_DES_CBC_SHA
* TLS_RSA_EXPORT_WITH_RC4_40_MD5
* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
* TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
* TLS_RSA_EXPORT_WITH_RC4_56_MD5
* TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5
* TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA
* TLS_RSA_EXPORT_WITH_RC4_56_SHA
*/
};
};
#endif
_______________________________________________
Mono-list maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/mono-list
