Example #1
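        /// <summary>
        /// Asks the native TLS context which cipher suites it supports.
        /// </summary>
        /// <returns>
        /// The supported cipher suites, or <c>null</c> when the count query does not
        /// report success or reports no entries. Callers must handle the null case.
        /// </returns>
        public unsafe IList <SslCipherSuite> GetSupportedCiphers()
        {
            IntPtr n;
            var    result = SSLGetNumberSupportedCiphers(Handle, out n);

            CheckStatusAndThrow(result);
            if ((result != SslStatus.Success) || ((int)n <= 0))
            {
                return(null);
            }

            var ciphers = new SslCipherSuite [(int)n];

            // NOTE(review): the native side writes directly into the pinned managed array, so
            // this assumes SslCipherSuite's underlying type has the same width as the native
            // cipher-suite type -- confirm against the enum declaration.
            fixed(SslCipherSuite *p = ciphers)
            {
                result = SSLGetSupportedCiphers(Handle, p, ref n);
            }

            CheckStatusAndThrow(result);

            // The count is passed by ref, so the native call can report fewer entries than the
            // buffer holds. Drop the unwritten tail instead of returning default (zero) values
            // that would read as real cipher suites.
            var written = (int)n;
            if (written < ciphers.Length)
            {
                Array.Resize(ref ciphers, written < 0 ? 0 : written);
            }

            return(ciphers);
        }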
Example #2
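        /// <summary>
        /// Asks the native TLS context which cipher suites are currently enabled on it.
        /// </summary>
        /// <returns>
        /// A new list of the enabled cipher suites, or <c>null</c> when the count query does
        /// not report success or reports no entries. Callers must handle the null case.
        /// </returns>
        public unsafe IList <SslCipherSuite> GetEnabledCiphers()
        {
            nint n;
            var  result = SSLGetNumberEnabledCiphers(Handle, out n);

            CheckStatusAndThrow(result);
            if ((result != SslStatus.Success) || (n <= 0))
            {
                return(null);
            }

            var ciphers = new SslCipherSuite [n];

            // NOTE(review): the native side writes directly into the pinned managed array, so
            // this assumes SslCipherSuite's underlying type has the same width as the native
            // cipher-suite type -- confirm against the enum declaration.
            fixed(SslCipherSuite *p = ciphers)
            {
                result = SSLGetEnabledCiphers(Handle, p, ref n);
            }

            CheckStatusAndThrow(result);

            // The count is passed by ref, so the native call can report fewer entries than the
            // buffer holds. Drop the unwritten tail so the list never reports default (zero)
            // values as enabled suites.
            var written = (int)n;
            if (written < ciphers.Length)
            {
                Array.Resize(ref ciphers, written < 0 ? 0 : written);
            }

            return(new List <SslCipherSuite> (ciphers));
        }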
Example #3
        /// <summary>
        /// Returns the cipher suites the native TLS context supports, without throwing.
        /// </summary>
        /// <returns>
        /// A new list of the supported cipher suites, or <c>null</c> when either native call
        /// does not report success or when no suites are reported.
        /// </returns>
        public unsafe IList <SslCipherSuite> GetSupportedCiphers()
        {
            nint count;

            // NOTE(review): `result` is not declared inside this method; presumably it is a
            // member of the enclosing type -- confirm.
            result = SSLGetNumberSupportedCiphers(Handle, out count);
            if (result != SslStatus.Success)
            {
                return null;
            }

            if (count <= 0)
            {
                return null;
            }

            var buffer = new SslCipherSuite [count];

            // NOTE(review): `count` comes back by ref, but the whole buffer is returned below;
            // if the native call ever writes fewer entries, the tail keeps default values.
            fixed(SslCipherSuite *first = buffer)
            {
                result = SSLGetSupportedCiphers(Handle, first, ref count);
            }

            // Failures are reported as null rather than as an exception.
            if (result != SslStatus.Success)
            {
                return null;
            }

            return new List <SslCipherSuite> (buffer);
        }
 /// <summary>
 /// Adds one TLS cipher suite to these protocol options by forwarding it to the native call.
 /// </summary>
 /// <param name="cipherSuite">
 /// The suite to add. It is passed through as given; nothing here checks whether the suite
 /// is acceptable under the caller's policy.
 /// </param>
 public void AddTlsCipherSuite(SslCipherSuite cipherSuite)
 {
  // GetCheckedHandle() runs first, as in the single-expression form.
  var options = GetCheckedHandle();
  sec_protocol_options_add_tls_ciphersuite(options, cipherSuite);
 }
 // Native entry point called by AddTlsCipherSuite. It takes the options handle and the suite
 // to add and returns nothing, so a rejected suite is not reported through this signature.
 // The [DllImport] attribute is not visible in this excerpt.
 static extern void sec_protocol_options_add_tls_ciphersuite(sec_protocol_options_t handle, SslCipherSuite cipherSuite);
Example #6
 // Native call that writes the connection's negotiated cipher suite into `cipherSuite` and
 // returns an SslStatus; check the status before trusting the out value.
 // NOTE(review): presumably meaningful only once the handshake has completed -- confirm.
 extern unsafe static /* OSStatus */ SslStatus SSLGetNegotiatedCipher(/* SSLContextRef */ IntPtr context, /* SslCipherSuite* */ out SslCipherSuite cipherSuite);
Example #7
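        /// <summary>
        /// Creates the native TLS context and configures it from this instance's settings:
        /// I/O callbacks, connection reference, protocol version range, optional cipher
        /// list, optional client-certificate request and the peer domain name.
        /// </summary>
        void InitializeConnection()
        {
            context = SSLCreateContext(IntPtr.Zero, IsServer ? SslProtocolSide.Server : SslProtocolSide.Client, SslConnectionType.Stream);

            var result = SSLSetIOFuncs(Handle, readFunc, writeFunc);

            CheckStatusAndThrow(result);

            result = SSLSetConnection(Handle, GCHandle.ToIntPtr(handle));
            CheckStatusAndThrow(result);

            // Lowest enabled version becomes the floor. TLS 1.0 and 1.1 are deprecated
            // (RFC 8996); the floor drops to them only when the caller enables that flag.
            // With neither flag set the floor stays at TLS 1.2.
            if ((EnabledProtocols & SSA.SslProtocols.Tls) != 0)
            {
                MinProtocol = SslProtocol.Tls_1_0;
            }
            else if ((EnabledProtocols & SSA.SslProtocols.Tls11) != 0)
            {
                MinProtocol = SslProtocol.Tls_1_1;
            }
            else
            {
                MinProtocol = SslProtocol.Tls_1_2;
            }

            // Highest enabled version becomes the ceiling. When no TLS flag is set at all the
            // ceiling is left untouched: forcing it to TLS 1.0 would put it below the TLS 1.2
            // floor chosen above and request a contradictory version range.
            if ((EnabledProtocols & SSA.SslProtocols.Tls12) != 0)
            {
                MaxProtocol = SslProtocol.Tls_1_2;
            }
            else if ((EnabledProtocols & SSA.SslProtocols.Tls11) != 0)
            {
                MaxProtocol = SslProtocol.Tls_1_1;
            }
            else if ((EnabledProtocols & SSA.SslProtocols.Tls) != 0)
            {
                MaxProtocol = SslProtocol.Tls_1_0;
            }

#if APPLE_TLS_DEBUG
            // GetSupportedCiphers() can return null, so guard before enumerating.
            var supportedCiphers = GetSupportedCiphers();
            if (supportedCiphers != null)
            {
                foreach (var c in supportedCiphers)
                {
                    Debug("  {0} SslCipherSuite.{1} {2:x} {3}", IsServer ? "Server" : "Client", c, (int)c, (CipherSuiteCode)c);
                }
            }
#endif

            // A caller-supplied cipher list replaces the default selection. The values are
            // cast straight to SslCipherSuite and are not validated here.
            if (Settings != null && Settings.EnabledCiphers != null)
            {
                SslCipherSuite [] ciphers = new SslCipherSuite [Settings.EnabledCiphers.Length];
                for (int i = 0; i < Settings.EnabledCiphers.Length; ++i)
                {
                    ciphers [i] = (SslCipherSuite)Settings.EnabledCiphers[i];
                }
                SetEnabledCiphers(ciphers);
            }

            // NOTE(review): SslAuthenticate.Try presumably requests a client certificate
            // without requiring one -- confirm against the enum's definition.
            if (AskForClientCertificate)
            {
                SetClientSideAuthenticate(SslAuthenticate.Try);
            }

            // Only a client whose target is a host name (not an IP literal) sets the peer
            // domain name.
            // NOTE(review): when TargetHost is empty or an IP address no peer name is set;
            // confirm how the server identity is checked in that case.
            IPAddress address;
            if (!IsServer && !string.IsNullOrEmpty(TargetHost) &&
                !IPAddress.TryParse(TargetHost, out address))
            {
                PeerDomainName = ServerName;
            }
        }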
Example #8
        /// <summary>
        /// Creates the native TLS context and configures it from this instance's settings:
        /// I/O callbacks, connection reference, protocol version range, optional cipher
        /// list, optional client-certificate request and the peer domain name.
        /// </summary>
        void InitializeConnection()
        {
            var side = IsServer ? SslProtocolSide.Server : SslProtocolSide.Client;
            context = SSLCreateContext(IntPtr.Zero, side, SslConnectionType.Stream);

            var status = SSLSetIOFuncs(Handle, readFunc, writeFunc);
            CheckStatusAndThrow(status);

            status = SSLSetConnection(Handle, GCHandle.ToIntPtr(handle));
            CheckStatusAndThrow(status);

            // A zero 'EnabledProtocols' means "use the system defaults": none of the branches
            // below fire and neither MinProtocol nor MaxProtocol is assigned.
            // In CoreFX, 'ServicePointManager.SecurityProtocol' defaults to
            // 'SecurityProtocolType.SystemDefault', which is zero.
            var enabled = EnabledProtocols;
            bool tls10 = (enabled & SSA.SslProtocols.Tls) != 0;
            bool tls11 = (enabled & SSA.SslProtocols.Tls11) != 0;
            bool tls12 = (enabled & SSA.SslProtocols.Tls12) != 0;

            // Floor: the lowest enabled version. TLS 1.0 and 1.1 are deprecated (RFC 8996)
            // and are selected only when the caller enables the corresponding flag.
            if (tls10)
            {
                MinProtocol = SslProtocol.Tls_1_0;
            }
            else if (tls11)
            {
                MinProtocol = SslProtocol.Tls_1_1;
            }
            else if (tls12)
            {
                MinProtocol = SslProtocol.Tls_1_2;
            }

            // Ceiling: the highest enabled version.
            if (tls12)
            {
                MaxProtocol = SslProtocol.Tls_1_2;
            }
            else if (tls11)
            {
                MaxProtocol = SslProtocol.Tls_1_1;
            }
            else if (tls10)
            {
                MaxProtocol = SslProtocol.Tls_1_0;
            }

            // A caller-supplied cipher list replaces the default selection. The values are
            // cast straight to SslCipherSuite and are not validated here.
            if (Settings != null)
            {
                var requested = Settings.EnabledCiphers;
                if (requested != null)
                {
                    var suites = new SslCipherSuite [requested.Length];
                    for (int index = 0; index < requested.Length; ++index)
                    {
                        suites [index] = (SslCipherSuite)requested[index];
                    }
                    SetEnabledCiphers(suites);
                }
            }

            // NOTE(review): SslAuthenticate.Try presumably requests a client certificate
            // without requiring one -- confirm against the enum's definition.
            if (AskForClientCertificate)
            {
                SetClientSideAuthenticate(SslAuthenticate.Try);
            }

            // Only a client whose target is a host name (not an IP literal) sets the peer
            // domain name.
            // NOTE(review): when TargetHost is empty or an IP address no peer name is set;
            // confirm how the server identity is checked in that case.
            if (!IsServer && !string.IsNullOrEmpty(TargetHost))
            {
                IPAddress parsed;
                if (!IPAddress.TryParse(TargetHost, out parsed))
                {
                    PeerDomainName = ServerName;
                }
            }
        }
Example #9
 // Native call that sets the context's enabled cipher suites from a raw buffer.
 // `ciphers` must point to at least `numCiphers` elements and stay pinned for the whole call;
 // the native side has no other way to learn the buffer's length.
 static unsafe extern SslStatus SSLSetEnabledCiphers(/* SSLContextRef */ IntPtr context, SslCipherSuite *ciphers, /* size_t */ nint numCiphers);
Example #10
 // Native call that fills a caller-allocated buffer with the supported cipher suites.
 // `numCiphers` is passed by ref: the caller supplies the buffer capacity and the native
 // side may update it, so read it back after the call instead of assuming the buffer is full.
 static unsafe extern SslStatus SSLGetSupportedCiphers(/* SSLContextRef */ IntPtr context, SslCipherSuite *ciphers, /* size_t* */ ref nint numCiphers);
Example #11
 // Native call that writes the connection's negotiated cipher suite into `cipherSuite` and
 // returns an SslStatus; check the status before trusting the out value.
 // NOTE(review): presumably meaningful only once the handshake has completed -- confirm.
 static unsafe extern SslStatus SSLGetNegotiatedCipher(/* SSLContextRef */ IntPtr context, /* SslCipherSuite* */ out SslCipherSuite cipherSuite);
Example #12
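        /// <summary>
        /// Asks the native TLS context which cipher suites it supports.
        /// </summary>
        /// <returns>
        /// A new list of the supported cipher suites, or <c>null</c> when the count query does
        /// not report success or reports no entries. Callers must handle the null case.
        /// </returns>
        public unsafe IList<SslCipherSuite> GetSupportedCiphers()
        {
            nint n;
            var result = SSLGetNumberSupportedCiphers (Handle, out n);
            CheckStatusAndThrow (result);
            if ((result != SslStatus.Success) || (n <= 0))
                return null;

            var ciphers = new SslCipherSuite [n];
            // NOTE(review): the native side writes directly into the pinned managed array, so
            // this assumes SslCipherSuite's underlying type has the same width as the native
            // cipher-suite type -- confirm against the enum declaration.
            fixed (SslCipherSuite *p = ciphers) {
                result = SSLGetSupportedCiphers (Handle, p, ref n);
            }
            CheckStatusAndThrow (result);

            // The count is passed by ref, so the native call can report fewer entries than the
            // buffer holds. Drop the unwritten tail so the list never reports default (zero)
            // values as supported suites.
            var written = (int) n;
            if (written < ciphers.Length)
                Array.Resize (ref ciphers, written < 0 ? 0 : written);

            return new List<SslCipherSuite> (ciphers);
        }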