Uncovering the Negotiated TLS Version in Your .NET HTTP Requests
.NET applications default to TLS 1.2 for web requests. However, you can directly control the allowed protocols and determine the final negotiated TLS version using the methods described below.
Method 1: Leveraging .NET Reflection with SslStream
Inspect the TlsStream property of the stream obtained from HttpWebRequest.GetRequestStream() or HttpWebRequest.GetResponseStream(). Employ reflection to access the SslState object and extract the SslProtocol property, revealing the negotiated TLS version.
Method 2: Utilizing .NET Security Context Attributes
The QueryContextAttributesW API (located in secur32.dll) allows retrieval of connection security context details. Specifically, examine the dwProtocol member within the SecPkgContext_ConnectionInfo structure to identify the SslProtocol used.
Method 3: An Alternative using TcpClient (Server-Side Validation Only)
This approach uses TcpClient() to create a secure connection and verify the server certificate using the same settings as ServicePointManager. Note: This is unsuitable if you need TLS information before initiating the web request.
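Method 3 as an added example (not code from the original article): it opens its own connection with the protocol set, revocation setting and validation callback taken from ServicePointManager, then reads the public SslStream.SslProtocol property. The class name TlsProbe, the command-line host argument and the exit codes are assumptions made for this sketch, and it assumes a .NET Framework style project where ServicePointManager is in use.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsProbe // hypothetical name, not from the article
{
    // Opens a separate TLS connection using the ServicePointManager settings
    // and returns the protocol version the handshake negotiated.
    public static SslProtocols Probe(string host, int port = 443)
    {
        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), false, Validate))
        {
            var offered = (SslProtocols)ServicePointManager.SecurityProtocol;
            ssl.AuthenticateAsClient(host, null, offered,
                ServicePointManager.CheckCertificateRevocationList);
            return ssl.SslProtocol;
        }
    }

    // Defer to the application's callback if one is set; otherwise fail closed.
    static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        var custom = ServicePointManager.ServerCertificateValidationCallback;
        return custom != null ? custom(sender, cert, chain, errors)
                              : errors == SslPolicyErrors.None;
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: TlsProbe <host>"); return 2; }
        try
        {
            SslProtocols negotiated = Probe(args[0]);
            Console.WriteLine("{0}: negotiated {1}", args[0], negotiated);
            if (negotiated < SslProtocols.Tls12) { Console.WriteLine("WARNING: below TLS 1.2"); return 1; }
            return 0;
        }
        catch (Exception ex) when (ex is AuthenticationException || ex is IOException || ex is SocketException)
        {
            Console.Error.WriteLine("handshake failed: " + ex.Message);
            return 3;
        }
    }
}
```

The result describes the probe's own handshake with those settings, not the socket a particular HttpWebRequest used, so treat it as a check of what the server will agree to rather than a record of an earlier request.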
These techniques involve reflection or lower-level APIs. Always anticipate exceptions and address potential reflection permission issues.