Set the SecurityProtocol (Ssl3 or TLS) on the .net HttpWebRequest per request

Rich · Sep 25, 2010 · Viewed 46.9k times

My application (.net 3.5 sp1) uses the HttpWebRequest to communicate with different endpoints. Sometimes it's over HTTPS, where each hosting server may have a different security protocol requirement, say TLS or SSL3 or either.

Generally the servers play nice and happily negotiate/fall back on what SecurityProtocol to use, TLS or SSL3, but some don't, and when .net is set up as TLS or SSL3 (the default I think) those servers that only support SSL3 cause .net to throw a send error.

From what I can tell, .net provides the ServicePointManager object with a property SecurityProtocol which can be set to TLS, SSL3 or both. Hence ideally, when set to both, the idea is the client and server should negotiate as to what to use, but as previously stated that doesn't seem to work.

Supposedly you could set the ServicePointManager.SecurityProtocol = Ssl3 but what about the endpoints that want to use TLS?

The problem I see with the ServicePointManager and the SecurityProtocol is that it's static and therefore application domain wide.

So to the question..

How would I go about using the HttpWebRequest with a different SecurityProtocol, e.g.

1) url 1 set to use TLS | Ssl3 (negotiate)

2) url 2 set to Ssl3 (Ssl3 only)

Answer

feroze · Sep 26, 2010

Unfortunately, it doesn't look like you can customize this per service point. I would suggest that you file a feature request at the MS Connect website for this area.

As a dirty workaround, you could try executing the sites that require a different security protocol in a new appdomain. Static instances are per appdomain, so that should give you the isolation you need.
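
The AppDomain workaround described in the answer above, as an added example that is not code from the original post or from either poster. It assumes .NET Framework, where `AppDomain.CreateDomain` is available; `IsolatedFetcher`, the domain name and the commented-out URL are hypothetical.

```csharp
using System;
using System.IO;
using System.Net;

// Instantiated inside the child AppDomain; the parent only holds a proxy,
// so every call below executes against the child's own static state.
public sealed class IsolatedFetcher : MarshalByRefObject
{
    // Sets ServicePointManager.SecurityProtocol for this domain only
    // and returns the value now in effect here.
    public SecurityProtocolType Configure(SecurityProtocolType protocol)
    {
        ServicePointManager.SecurityProtocol = protocol;
        return ServicePointManager.SecurityProtocol;
    }

    // Performs the request inside the child domain, under its protocol setting.
    public string Get(string url)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        using (var response = (HttpWebResponse)request.GetResponse())
        using (var reader = new StreamReader(response.GetResponseStream()))
            return reader.ReadToEnd();
    }
}

public static class Program
{
    public static void Main()
    {
        // Parent domain: the "negotiate" setting from the question (url 1).
        ServicePointManager.SecurityProtocol =
            SecurityProtocolType.Tls | SecurityProtocolType.Ssl3;

        AppDomain child = AppDomain.CreateDomain("Ssl3OnlyDomain"); // hypothetical name
        try
        {
            var fetcher = (IsolatedFetcher)child.CreateInstanceAndUnwrap(
                typeof(IsolatedFetcher).Assembly.FullName,
                typeof(IsolatedFetcher).FullName);

            // Child domain: Ssl3 only (url 2). The parent's value is unchanged.
            Console.WriteLine("child:  " + fetcher.Configure(SecurityProtocolType.Ssl3));
            Console.WriteLine("parent: " + ServicePointManager.SecurityProtocol);
            // string body = fetcher.Get("https://legacy.example.invalid/"); // placeholder URL
        }
        finally { AppDomain.Unload(child); }
    }
}
```

Only the request that needs the different setting is routed through the child domain; everything else in the process keeps using the parent's `ServicePointManager` value.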