[Mono-dev] Status of SslStream and Related Classes

Sebastien Pouliot sebastien.pouliot at gmail.com
Thu Aug 18 15:07:57 EDT 2005


Hello Martin,

On Thu, 2005-18-08 at 19:21 +0100, Martin Hinks wrote:
> Ok, thanks for the answer - I may well have a look at adding some of
> the ciphers when I get time...

That would be nice :)

> I know that it is not a requirement to support all ciphers, but many
> servers that I am using also do not support all the ciphers - they
> seem to support all the ones Mono doesn't currently support - great
> lol!

Mono supports the most common algorithms - at least from an HTTPS point
of view. What are those servers running (software and protocol)?

> The error produced is could not negotiate a cipher or something
> similar - which was "fixed" by adding a DH cipher to the list of
> supported ciphers (when I say fixed I mean it got a stage further - so
> the exception was just unsupported ciphers.)

Both normal.

Negotiation is done by intersecting the list of ciphers available to
both client and server and selecting (server) one of them. An alert is
sent if the intersection is empty.

Adding something, like DH, to the client list results in a non-empty
intersection - but the client isn't capable of continuing the handshake
because it doesn't support DH.

> When I said "problem" I meant the lack of support for, hence, is the
> lack of support due to DH in Mono not being implemented or merely that
> the SSLStream hasn't been tweaked to support DH?

I answered that...
> > * Mono.Security.dll supports DH (i.e. DH is present and working) so it
> > isn't a cryptographic issue;

> Thanks again, it's a great class as it is - would be great if I could
> help add some ciphers!

As I said it shouldn't be too complex to add. It's even easier (test wise)
if you have access to servers that only support algorithms not present
in Mono.
-- 
Sebastien Pouliot <sebastien.pouliot at gmail.com>
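
The negotiation described in the message above, as an added example that is not part of the original e-mail and is not Mono's code: it shows the empty-intersection alert, and how advertising a DHE suite the client cannot run only moves the failure to a later handshake stage. The suite lists, the stage names and the server-preference selection order are assumptions made for the illustration.

```python
# Added illustration: suite lists are constructed, not Mono's actual lists.
HANDSHAKE_FAILURE = 40  # TLS alert description for "no acceptable cipher suite"

SUITES = {  # IANA cipher suite identifiers
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
}

class HandshakeError(Exception):
    def __init__(self, stage, detail):
        super().__init__(f"{stage}: {detail}")
        self.stage = stage

def server_select(client_offer, server_prefs):
    """Server picks the first suite, in its own order, that the client offered."""
    offered = set(client_offer)
    for suite in server_prefs:  # assumption: server preference order decides
        if suite in offered:
            return suite
    raise HandshakeError("negotiation", f"alert {HANDSHAKE_FAILURE}: empty intersection")

def handshake(client_offer, client_implemented, server_prefs):
    """Return the agreed suite name, or raise at the stage where it breaks."""
    suite = server_select(client_offer, server_prefs)
    if suite not in client_implemented:
        # Advertised but not implemented: the failure moves past negotiation.
        raise HandshakeError("key_exchange", f"client cannot run {SUITES[suite]}")
    return SUITES[suite]

def outcome(client_offer, client_implemented, server_prefs):
    try:
        return "ok", handshake(client_offer, client_implemented, server_prefs)
    except HandshakeError as err:
        return err.stage, str(err)

def advertised_but_unimplemented(client_offer, client_implemented):
    """Configuration check: suites a client offers but cannot actually complete."""
    return [SUITES[s] for s in client_offer if s not in client_implemented]

RSA_ONLY = [0x002F, 0x000A, 0x0005]   # constructed client: RSA key exchange only
DHE_SERVER = [0x0033, 0x0016]         # constructed server: DHE suites only

if __name__ == "__main__":
    print(outcome(RSA_ONLY, set(RSA_ONLY), DHE_SERVER))             # negotiation
    print(outcome(RSA_ONLY + [0x0033], set(RSA_ONLY), DHE_SERVER))  # key_exchange
    print(outcome(RSA_ONLY + [0x0033], set(RSA_ONLY) | {0x0033}, DHE_SERVER))  # ok
```
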



