With the recent advent of BEAST (exploits a vulnerability in SSL / TLS1.0, where the initial bytes of the payload are always) I looked at the SslStreamclass to see if it supports TLS 1.1, TLS 1.2, etc. It only supports ( SslProtocol) SSL 2 and 3 (which both precede TLS) and TLS 1.0.
SslStream
SslProtocol
Given that it SslProtocolonly advertises support for TLS 1.0 and lower, is it possible to use SslStreamfor TLS 1.1 and higher?
The update seems to be in order.
.NET 4.5, SslProtocol (, , SslStream) TLS 1.1 TLS 1.2.
4.6. 4.5 SslStream, AuthenticateAsClient:
AuthenticateAsClient
sslStream.AuthenticateAsClient(hostname, null, SslProtocols.Tls12 | SslProtocols.Tls11, true);