
Question: Thread safety using ServicePointManager.SecurityProtocol -- I need experts' advice

  • Friday, October 23, 2009 12:56 AM ch.theriault
     
    I'm writing a system in which separate threads connect to different servers over HTTPS.

    One of the remote servers I need to connect to is really dumb (Oracle App Server-10g) and requires me to downgrade the Security-Protocol to SSL3 instead of TLS.

    The only strategy I know to make it work is to set the value SecurityProtocolType.Ssl3 in the property SecurityProtocol of the ServicePointManager class (more info here). But I also have to deal in parallel with other, smarter servers which require the TLS security protocol.

    Questions:
    - since ServicePointManager is a static class,
    - and since I have several threads consuming services from different HTTPS servers at the same time (some with Ssl3, some with Tls),
    => is there any potential threading problem in switching back and forth between static SecurityProtocol.ServicePointManager from Ssl3 to Tls?
    => does setting a value in SecurityProtocol.ServicePointManager in one thread impact the other threads?

    Corollary Question:
    => does setting a value in SecurityProtocol.ServicePointManager in one application impact the other applications?

All Replies

  • Friday, October 23, 2009 9:05 PM Feroze Daud
     
    The SecurityProtocolType enumeration
    http://msdn.microsoft.com/en-us/library/system.net.securityprotocoltype.aspx is a Flags attribute, so you can set it to use both. In the SSL handshake, the client will advertise that it supports both protocols, and it will choose the strongest from those advertised by the server.
    feroze
  • Tuesday, October 27, 2009 5:27 AM ch.theriault
     
    Hi Feroze Daud,

    If I understand your point, you are suggesting to make the ServicePointManager's SecurityProtocol more "polyvalent", by handshaking with all encryptions provided with both SSL3 and TLS. This way I would, hopefully, not need to bother about different threads using different SecurityProtocols. This is, somehow, a workaround.

    I did try it (and just re-tried it), but my remote "Oracle App Server-10g" is very picky and would handshake my connection only if I provide Ssl3 alone. When I use Tls or Tls + Ssl3 (I mean a binary "or") into the SecurityProtocol, my connection gets rejected!

    My questions are still pending, and I'm still unsure about how threads are managed regarding the "global" settings of the ServicePointManager.

    Thanks anyway!
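
Added example, not part of the thread and not any poster's code: ServicePointManager.SecurityProtocol is a static property, so there is one value per AppDomain rather than one per thread. The C# program below sets the combined flags described in the reply, then lets one thread downgrade to Ssl3 while a second thread that never touches the setting reads it back. It assumes .NET Framework, where SecurityProtocolType.Ssl3 can still be assigned; the class, method and thread names are made up for the illustration.

```csharp
// Added illustration (not from the thread). Assumes .NET Framework, where
// SecurityProtocolType.Ssl3 can still be assigned. All names are hypothetical.
using System;
using System.Net;
using System.Threading;

static class SecurityProtocolSharingDemo
{
    // Reads the static setting from the calling thread and logs what it sees.
    static SecurityProtocolType Observe(string who)
    {
        SecurityProtocolType seen = ServicePointManager.SecurityProtocol;
        Console.WriteLine("{0,-14} sees {1}", who, seen);
        return seen;
    }

    static void Main()
    {
        // The [Flags] combination from the reply: advertise both protocols.
        ServicePointManager.SecurityProtocol =
            SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
        Observe("main (start)");

        var downgraded = new ManualResetEvent(false);
        SecurityProtocolType seenByTlsWorker = 0;

        // Worker A: the thread that talks to the SSL3-only server.
        var legacyWorker = new Thread(() =>
        {
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
            Observe("legacy worker");
            downgraded.Set();
        });

        // Worker B: expects TLS and never assigns the setting itself.
        var tlsWorker = new Thread(() =>
        {
            downgraded.WaitOne(); // run only after worker A has changed it
            seenByTlsWorker = Observe("tls worker");
        });

        legacyWorker.Start();
        tlsWorker.Start();
        legacyWorker.Join();
        tlsWorker.Join();

        // True means worker B's new HTTPS connections would negotiate SSL3 only.
        bool leaked = seenByTlsWorker == SecurityProtocolType.Ssl3;
        Console.WriteLine("Downgrade visible to other thread: {0}", leaked);
    }
}
```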