Home > Backend Development > C++ > How to Determine the Negotiated TLS Version in .NET Applications?

How to Determine the Negotiated TLS Version in .NET Applications?

Linda Hamilton
Release: 2025-01-10 08:14:40
Original
1001 people have browsed it

How to Determine the Negotiated TLS Version in .NET Applications?

Determine negotiated TLS version

When initiating a network handshake over TLS, it is often valuable for debugging or logging purposes to determine the specific TLS version that was agreed upon. This article explores ways to retrieve this information to suit a variety of scenarios.

Use .NET Reflection API

For .NET applications running on Framework 4.7 or higher, the following method leverages reflection to access the underlying TlsStream and extract the negotiated TLS protocol:

<code class="language-csharp">using System.Net;
using System.Reflection;
using System.Security.Authentication;

// 获取与网络请求关联的TLS流
using (var requestStream = request.GetRequestStream())
{
    // 利用反射访问TLS流的属性
    var tlsStream = requestStream.GetType()
        .GetProperty("Connection", BindingFlags.Instance | BindingFlags.NonPublic)
        .GetValue(requestStream);
    var tlsState = tlsStream.GetType()
        .GetProperty("NetworkStream", BindingFlags.Instance | BindingFlags.NonPublic)
        .GetValue(tlsStream);
    var sslProtocol = (SslProtocols)tlsState.GetType()
        .GetProperty("SslProtocol", BindingFlags.Instance | BindingFlags.NonPublic)
        .GetValue(tlsState);

    // 处理协商的TLS协议(例如,日志记录或显示)
}</code>
Copy after login

Use server certificate verification callback

Another approach involves using ServerCertificateValidationCallback, which is called when a TLS connection is established. Here's how this method is integrated:

<code class="language-csharp">using System.Net;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// 设置ServerCertificateValidationCallback
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, errors) => {
    // 获取TLS协议版本
    var sslProtocol = ((SslStream)sender).SslProtocol;

    // 处理协商的TLS协议(例如,日志记录或显示)
    return true;  // 回调也可以用于证书验证,此处作为一个示例显示。
};</code>
Copy after login

Use .NET Security DLL

Finally, an advanced technique involves using the QueryContextAttributesW method in secur32.dll to access the security context attributes. This method can provide more detailed information about the established secure connection.

<code class="language-csharp">using System;
using System.Runtime.InteropServices;

[DllImport("secur32.dll", CharSet = CharSet.Auto, ExactSpelling = true, SetLastError = false)]
private static extern int QueryContextAttributesW(
    IntPtr contextHandle,
    ContextAttribute attribute,
    ref SecPkgContext_ConnectionInfo connectionInfo);

public enum ContextAttribute
{
    // 获取TLS协议版本
    SecPkgContext_ConnectionInfo = 0x9
}

public struct SecPkgContext_ConnectionInfo
{
    public SchProtocols dwProtocol;
    // 其他属性也可以用于获取有关密码和哈希算法的信息
}</code>
Copy after login

Note: This method requires access to non-public properties and fields, making it a less direct method.

By implementing these technologies, developers can retrieve negotiated TLS versions for HttpWebRequest and TcpClient connections, allowing them to capture valuable information for debugging and logging.

The above is the detailed content of How to Determine the Negotiated TLS Version in .NET Applications?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template