<div dir="ltr"><span id="docs-internal-guid-49e07539-ce8f-b4d0-e55e-6b3b937474d8"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Hello,</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">This is an update on the recent work that we have been doing with Mono’s TLS transport. We have landed an important improvement to the TLS support in mono/master; this email describes what we did.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">In the previous release, we manually chose the TLS implementation in a handful of places (like </span><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">HttpWebRequest</span><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">), but this was not pervasive. In particular, it did not work for </span><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">SslStream</span><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> or any of the </span><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">SslStream</span><span 
style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> users, like .NET’s built-in HTTP server, </span><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">HttpListener</span><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">We have now added the implementation switcher to the </span><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">SslStream</span><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> and </span><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">HttpListener</span><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> classes. The default implementation of </span><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">SslStream</span><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> for now continues to be the old Mono TLS implementation, the one that supports SSL and up to TLS 1.0. 
But it is now possible to switch the implementation to either our new managed implementation or any implementation built on top of something else.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">You can control this with the </span><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">MONO_TLS_PROVIDER</span><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> environment variable. The possible settings are as follows:</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:36pt"><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">default</span><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> - let Mono choose the best implementation available for the platform. Currently this is hardcoded to the old implementation, but we will change this once we complete the audit of our TLS stack, and we might change this on a per-platform basis to use </span><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">SslStream</span><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> implementations that use some native library.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:36pt"><span 
style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Any full typename - You can specify a fully qualified .NET type; this can be used to test alternative implementations without changing Mono’s runtime:</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:36pt"><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">MONO_TLS_PROVIDER="Mono.Security.Providers.NewTls.NewTlsProvider, Mono.Security.Providers.NewTls, Version=4.0.0.0, Culture=neutral, PublicKeyToken=84e3aee7225169c2"</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:36pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">This type should subclass the </span><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Mono.Security.Interface.MonoTlsProvider</span><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> interface from the </span><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Mono.Security</span><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> assembly and have a public parameterless constructor.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:36pt"><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">oldtls</span><span 
style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> - Mono’s historical implementation; it only goes up to TLS 1.0.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:36pt"><span style="font-size:14.6667px;font-family:'Courier New';color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">newtls</span><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"> - Mono’s new managed implementation; it supports TLS 1.0 up to 1.2.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Enjoy!</span></p><div><span style="font-size:14.6667px;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent"><br></span></div></span></div>
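<p>Added example (not part of the original email or of Mono's own code): a POSIX shell launch check that maps each <code>MONO_TLS_PROVIDER</code> setting listed above to the highest TLS version it can reach, and blocks the settings capped at TLS 1.0 as well as custom provider types whose <code>PublicKeyToken</code> is not expected. It assumes an unset variable behaves like <code>default</code> and that keywords are case-sensitive; <code>ALLOWED_TOKENS</code> and the function names are hypothetical.</p>

```shell
#!/bin/sh
# Added example, not from the original email. Assumptions: an unset variable
# behaves like "default"; keyword matching is case-sensitive.

# Split "Type, Assembly[, Version=..., PublicKeyToken=...]" into
# "type|assembly|token"; return 1 if the type or assembly part is malformed.
parse_provider_type() {
    case "$1" in *,*) ;; *) return 1 ;; esac
    ptype=$(printf '%s' "${1%%,*}" | sed 's/^ *//; s/ *$//')
    rest=${1#*,}
    asm=$(printf '%s' "${rest%%,*}" | sed 's/^ *//; s/ *$//')
    token=$(printf '%s' "$1" |
        sed -n 's/.*PublicKeyToken=\([0-9A-Fa-f]\{16\}\).*/\1/p')
    printf '%s' "$ptype" | grep -Eq '^[A-Za-z_][A-Za-z0-9_.]*$' || return 1
    printf '%s' "$asm" | grep -Eq '^[A-Za-z_][A-Za-z0-9_.]*$' || return 1
    printf '%s|%s|%s\n' "$ptype" "$asm" "${token:-none}"
}

# Highest TLS version each setting can reach, per the email's list.
mono_tls_ceiling() {
    case "${1:-default}" in
        default|oldtls) echo "1.0" ;;   # default is currently the old stack
        newtls)         echo "1.2" ;;
        *) if parse_provider_type "$1" >/dev/null; then echo "custom"
           else echo "invalid"; fi ;;
    esac
}

# Launch gate: accept newtls, or a custom type whose PublicKeyToken is in
# ALLOWED_TOKENS (hypothetical operator-maintained, space-separated list).
tls_provider_ok() {
    case "$(mono_tls_ceiling "$1")" in
        1.2) return 0 ;;
        custom)
            tok=$(parse_provider_type "$1" | cut -d'|' -f3)
            for t in ${ALLOWED_TOKENS:-}; do
                [ "$t" = "$tok" ] && return 0
            done
            return 1 ;;
        *) return 1 ;;
    esac
}

# The type name below is the one quoted in the email; "not a type" is constructed.
SAMPLE="Mono.Security.Providers.NewTls.NewTlsProvider, Mono.Security.Providers.NewTls, Version=4.0.0.0, Culture=neutral, PublicKeyToken=84e3aee7225169c2"
for v in default oldtls newtls "$SAMPLE" "not a type"; do
    if tls_provider_ok "$v"; then verdict=allow; else verdict=block; fi
    printf '%-7s %-5s %s\n' "$(mono_tls_ceiling "$v")" "$verdict" "$v"
done
```

<p>A launch wrapper would call <code>tls_provider_ok "$MONO_TLS_PROVIDER"</code> before starting <code>mono</code> and refuse to start when it returns non-zero.</p>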