My application (.NET 3.5 SP1) uses HttpWebRequest to communicate with different endpoints. Sometimes it's over HTTPS, where each hosting server may have a different security protocol requirement, say TLS or SSL3 or either.

Generally the servers play nice and happily negotiate/fall back on what SecurityProtocol to use (TLS or SSL3), but some don't, and when .NET is set up as TLS or SSL3 (the default, I think) those servers that only support SSL3 cause .NET to throw a send error.

From what I can tell, .NET provides the ServicePointManager object with a property SecurityProtocol, which can be set to TLS, SSL3 or both. Hence, ideally, when set to both, the idea is the client and server should negotiate as to what to use, but as previously stated that doesn't seem to work.

Supposedly you could set ServicePointManager.SecurityProtocol = Ssl3, but what about the endpoints that want to use TLS?

The problem I see with the ServicePointManager and the SecurityProtocol is that it's static and therefore application-domain wide.

So, to the question:

How would I go about using HttpWebRequest with a different SecurityProtocol per endpoint? E.g.

1) url 1 set to use TLS | Ssl3 (negotiate)

2) url 2 set to Ssl3 (Ssl3 only)

A: 

Unfortunately, it doesn't look like you can customize this per service point. I would suggest that you file a feature request at the MS Connect website for this area.

As a dirty workaround, you could try executing the sites that require a different security protocol in a new appdomain. Static instances are per appdomain, so that should give you the isolation you need.

feroze
Thanks for confirming my fears, was hoping that wasn't going to be the case.
Rich
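
The AppDomain workaround from the answer above, sketched as an added example (not code from either poster). The class name IsolatedFetcher, the helper FetchIsolated and both URLs are hypothetical placeholders; the two calls in Main mirror cases 1) and 2) from the question.

```csharp
using System;
using System.IO;
using System.Net;

// Lives in whichever AppDomain creates it. Deriving from MarshalByRefObject
// keeps the instance in that domain; the caller only holds a proxy.
public class IsolatedFetcher : MarshalByRefObject
{
    public string Fetch(string url, SecurityProtocolType protocol)
    {
        // Static setting, but scoped to the AppDomain this object runs in.
        ServicePointManager.SecurityProtocol = protocol;
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        using (WebResponse response = request.GetResponse())
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            return reader.ReadToEnd();
        }
    }
}

public static class Program
{
    static string FetchIsolated(string url, SecurityProtocolType protocol)
    {
        // A fresh domain gets its own copy of ServicePointManager's statics.
        AppDomain domain = AppDomain.CreateDomain("fetch-" + protocol);
        try
        {
            IsolatedFetcher fetcher = (IsolatedFetcher)domain.CreateInstanceAndUnwrap(
                typeof(IsolatedFetcher).Assembly.FullName,
                typeof(IsolatedFetcher).FullName);
            return fetcher.Fetch(url, protocol);
        }
        finally
        {
            AppDomain.Unload(domain); // also discards that domain's connection pool
        }
    }

    public static void Main()
    {
        // Placeholder endpoints: url 1 negotiates, url 2 is SSL3 only.
        string a = FetchIsolated("https://url1.example/", SecurityProtocolType.Tls | SecurityProtocolType.Ssl3);
        string b = FetchIsolated("https://url2.example/", SecurityProtocolType.Ssl3);
        Console.WriteLine("{0} / {1} characters received", a.Length, b.Length);
    }
}
```

Creating and unloading a domain per request is expensive; for repeated calls, keep one long-lived domain per protocol setting and reuse its fetcher proxy.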