public static CipherSuiteCollection GetSupportedCiphers(bool server, SecurityProtocolType protocol)
{
switch (protocol)
{
case SecurityProtocolType.Default:
case SecurityProtocolType.Tls:
return(CipherSuiteFactory.GetTls1SupportedCiphers());
case SecurityProtocolType.Ssl3:
return(CipherSuiteFactory.GetSsl3SupportedCiphers());
case SecurityProtocolType.Ssl2:
default:
throw new NotSupportedException("Unsupported security protocol type");
}
}
/*
* Client Server
*
* ClientHello -------->
* ServerHello
* Certificate*
* ServerKeyExchange*
* CertificateRequest*
* <-------- ServerHelloDone
* Certificate*
* ClientKeyExchange
* CertificateVerify*
* [ChangeCipherSpec]
* Finished -------->
* [ChangeCipherSpec]
* <-------- Finished
* Application Data <-------> Application Data
*
* Fig. 1 - Message flow for a full handshake
*/
internal override IAsyncResult OnBeginNegotiateHandshake(AsyncCallback callback, object state)
{
// Reset the context if needed
if (this.context.HandshakeState != HandshakeState.None)
{
this.context.Clear();
}
// Obtain supported cipher suites
this.context.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(this.context.SecurityProtocol);
// Set handshake state
this.context.HandshakeState = HandshakeState.Started;
// Receive Client Hello message
return(this.protocol.BeginReceiveRecord(this.innerStream, callback, state));
}
public void ChangeProtocol(short protocol)
{
SecurityProtocolType protocolType = this.DecodeProtocolCode(protocol);
if ((protocolType & this.SecurityProtocolFlags) == protocolType ||
(this.SecurityProtocolFlags & SecurityProtocolType.Default) == SecurityProtocolType.Default)
{
this.SecurityProtocol = protocolType;
this.SupportedCiphers.Clear();
this.SupportedCiphers = null;
this.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(protocolType);
}
else
{
throw new TlsException(AlertDescription.ProtocolVersion, "Incorrect protocol version received from server");
}
}
internal override IAsyncResult BeginNegotiateHandshake(AsyncCallback callback, object state)
{
if (this.context.HandshakeState != HandshakeState.None)
{
this.context.Clear();
}
// Obtain supported cipher suites
this.context.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(false, context.SecurityProtocol);
// Set handshake state
this.context.HandshakeState = HandshakeState.Started;
NegotiateAsyncResult result = new NegotiateAsyncResult(callback, state, NegotiateState.SentClientHello);
// Begin sending the client hello
this.protocol.BeginSendRecord(HandshakeType.ClientHello, NegotiateAsyncWorker, result);
return(result);
}
public static CipherSuiteCollection GetSupportedCiphers(SecurityProtocolType protocol)
{
if (protocol != SecurityProtocolType.Default)
{
if (protocol != SecurityProtocolType.Ssl2)
{
if (protocol == SecurityProtocolType.Ssl3)
{
return(CipherSuiteFactory.GetSsl3SupportedCiphers());
}
if (protocol == SecurityProtocolType.Tls)
{
goto IL_2D;
}
}
throw new NotSupportedException("Unsupported security protocol type");
}
IL_2D:
return(CipherSuiteFactory.GetTls1SupportedCiphers());
}
public static CipherSuiteCollection GetSupportedCiphers(bool server, SecurityProtocolType protocol)
{
CipherSuiteCollection suites;
switch (protocol)
{
case SecurityProtocolType.Default:
case SecurityProtocolType.Tls:
suites = CipherSuiteFactory.GetTls1SupportedCiphers();
break;
case SecurityProtocolType.Ssl3:
suites = CipherSuiteFactory.GetSsl3SupportedCiphers();
break;
case SecurityProtocolType.Ssl2:
default:
throw new NotSupportedException("Unsupported security protocol type");
}
IEnumerable <string> list = null;
#if INSIDE_SYSTEM
// if SSL/TLS support is built-in System.dll (e.g. monotouch) then we can access ServicePointManager
// extension directly
var cb = server ? ServicePointManager.ServerCipherSuitesCallback : ServicePointManager.ClientCipherSuitesCallback;
if (cb == null)
{
return(suites); // e.g. no callback was set
}
list = cb((System.Net.SecurityProtocolType)(int) protocol, suites.GetNames());
#elif !BOOTSTRAP_BASIC
// Mono.Security must work on MS.NET so it cannot depend on any Mono-specific extensions
PropertyInfo pi = null;
if (server)
{
if (server_callback == null)
{
server_callback = spm.GetProperty("ServerCipherSuitesCallback", BindingFlags.Static | BindingFlags.Public);
}
pi = server_callback;
}
else
{
if (client_callback == null)
{
client_callback = spm.GetProperty("ClientCipherSuitesCallback", BindingFlags.Static | BindingFlags.Public);
}
pi = client_callback;
}
if (pi == null)
{
return(suites); // e.g. MS runtime - return every supported suites
}
var cb = (Delegate)pi.GetGetMethod().Invoke(null, null);
if (cb == null)
{
return(suites); // e.g. no callback was set - return every supported suites
}
list = (IEnumerable <string>)cb.DynamicInvoke(new object[] {
(System.Net.SecurityProtocolType)(int) protocol, suites.GetNames()
});
#else
// TODO: right now the callback is only available when using System.Net.* types for SSL/TLS
return(suites);
#endif
CipherSuiteCollection allowed = new CipherSuiteCollection(protocol);
if (list != null)
{
foreach (var name in list)
{
// add any supported (ignore unknowns) ciphers requested by the callback
var cipher = suites [name];
if (cipher != null)
{
allowed.Add(cipher);
}
}
}
return(allowed);
}
