[Mono-dev] Following up on Mono's new TLS implementation
martin.baulig at xamarin.com
Tue Nov 3 18:16:23 UTC 2015
This is an update on the recent work that we have been doing with Mono’s
TLS transport. We have landed into mono/master an important improvement
to the TLS support, this email describes what we did.
In the previous release, we manually chose the TLS implementation in a
handful of places (like HttpWebRequest), but this was not pervasive, in
particular, this was not working for SslStream, or any of the SslStream
users, like .NET’s built-in HTTP server, HttpListener.
We now have added the implementation switcher to the SslStream and
HttpListener classes. The default implementation of SslStream for now
continues to be the old Mono TLS implementation, the one that supports SSL
and up to TLS 1.0. But it is now possible to switch the implementation to
either our new managed implementation or any implementation built on top of
You can control this with the MONO_TLS_PROVIDER environment variable. The
possible settings are as follows:
default - let Mono choose the best implementation available for the
platform, currently this is hardcoded to the old implementation, but we
will change this once we complete the audit of our TLS stack, and we might
change this on a per-platform basis to use SslStream implementations that
use some native library.
Any full typename - You can specify a fully qualified .NET Type, this can
be used to test alternative implementations without changing Mono’s runtime:
Mono.Security.Providers.NewTls, Version=220.127.116.11, Culture=neutral,
This type should subclass the Mono.Security.Interface.MonoTlsProvider
interface from the Mono.Security assembly and have a public parameterless
oldtls - Mono’s historical implementation, it only goes up to TLS 1.0.
newtls - Mono’s new managed implementation, it supports TLS 1.0 up to 1.2
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Mono-devel-list