Need to set cipher suite at the code in C# RRS feed

  • Question

  • Hi Team,

              I am trying to enforce some preferred cipher suite, in C# code whenever i make TLS/SSL call. But there is no capability in C# to set the list of cipher suite in the C# code. But for java and C++ have option to enforce list of cipher suite in the code.

    Sample in java :

           OkHttpClient httpClient = new OkHttpClient();
             ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
                    .cipherSuites("List of cipher suites")

    I am expecting the similar kind of setting cipher suites in the C# code. But there is option suggested by microsoft is to change at the registry level, like disabling the unwanted cipher suites using powershell scripts. But this will affect the other application running in the same machine.

    Could you please let me know is there option to set list of cipher suites in C# code

    • Edited by MathiSharp Wednesday, April 11, 2018 12:32 PM
    Wednesday, April 11, 2018 12:17 PM

All replies

  • The build-in classes HttpWebRequest and the sort all uses Windows native SChannel to implement SSL encryption, therefore has no programmatic way to control the cipher suite list.

    However nothing stops you from using Bouncy Castle or OpenSSL with a wrapper as you would in Java/C++.

    BC based example can be found here.

    • Edited by cheong00Editor Thursday, April 12, 2018 1:18 AM
    • Proposed as answer by Fei Hu Tuesday, April 24, 2018 2:20 AM
    Thursday, April 12, 2018 1:15 AM