[Mono-list] Disable SSL v2 and v3
Edward Ned Harvey (mono)
edward.harvey.mono at clevertrove.com
Mon Dec 8 12:02:49 UTC 2014
> From: mono-list-bounces at lists.ximian.com [mailto:mono-list-bounces at lists.ximian.com] On Behalf Of cocowalla
>
> I'm using ServiceStack.NET, self-hosted, which uses HttpListener under the
> hood.
>
> For security reasons, I want to disable SSL v2 and v3, and enable TLS 1.2.
>
> On Windows, Schannel is used for SSL/TLS support, and protocol support is
> configured by changing registry entries under
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
>
> How can I enable/disable support for SSL/TLS protocols on Mono?
Requires mono >= 3.4.0.
Here is a snippet of code I use. Obviously modify for your own purposes.
// Needs: using System.Collections.Generic; using System.Net;
#if LINUX
// The selection of CipherSuites is not available in Windows. Thank you mono! :-)
// New in mono 3.4.0
ServicePointManager.ServerCipherSuitesCallback += (SecurityProtocolType p, IEnumerable<string> allCiphers) => {
    // See https://github.com/mosa/Mono-Class-Libraries/blob/master/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
    // And http://iosapi.xamarin.com/?link=P%3aSystem.Net.ServicePointManager.ClientCipherSuitesCallback
    // And http://iosapi.xamarin.com/?link=P%3aSystem.Net.ServicePointManager.ServerCipherSuitesCallback
    //
    // I am hard-coding the use of TLS. No SSL.
    return new List<string> {
        // First match wins. So order matters.
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
        /* Not using any of these:
         * TLS_RSA_WITH_RC4_128_SHA
         * TLS_RSA_WITH_RC4_128_MD5
         * TLS_RSA_WITH_DES_CBC_SHA
         * TLS_RSA_EXPORT_WITH_RC4_40_MD5
         * TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
         * TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
         * TLS_RSA_EXPORT_WITH_RC4_56_MD5
         * TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5
         * TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA
         * TLS_RSA_EXPORT_WITH_RC4_56_SHA
         */
    };
};
#endif
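
Added example, not part of the original post and not Mono or ServiceStack code: instead of returning a fixed list, the callback can filter the allCiphers argument it receives, so only suites the runtime actually offers are returned. The CipherSuitePolicy class, its Banned and Preferred lists, and the sample input are hypothetical and constructed for illustration; it assumes TLS suites carry the "TLS_" name prefix as in the snippet above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical helper, not part of Mono: builds the callback's return value
// from the suites the runtime offers instead of from a hard-coded list.
static class CipherSuitePolicy
{
    // Name fragments that disqualify a suite: export-grade keys, RC4/RC2,
    // single DES, MD5 MACs, null encryption, anonymous key exchange.
    static readonly string[] Banned = { "_EXPORT_", "_RC4_", "_RC2_", "_DES_", "_MD5", "_NULL_", "_anon_" };

    // Accepted bulk ciphers, strongest first. Anything not listed is dropped.
    static readonly string[] Preferred = { "_AES_256_", "_AES_128_", "_3DES_EDE_" };

    // Index into Preferred, or -1 when the suite uses no accepted cipher.
    static int Rank(string name)
    {
        return Array.FindIndex(Preferred, p => name.Contains(p));
    }

    public static List<string> Filter(IEnumerable<string> offered)
    {
        return offered
            .Where(n => n.StartsWith("TLS_", StringComparison.Ordinal)) // no SSL_ names
            .Where(n => !Banned.Any(b => n.Contains(b)))
            .Where(n => Rank(n) >= 0)
            .OrderBy(n => Rank(n)) // stable sort: ties keep the runtime's order
            .ToList();
    }

    static void Main()
    {
        // Constructed sample of what the runtime might pass as allCiphers.
        var offered = new[] {
            "SSL_RSA_WITH_RC4_128_SHA",
            "TLS_RSA_WITH_RC4_128_MD5",
            "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
            "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_RSA_WITH_DES_CBC_SHA",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_256_CBC_SHA"
        };
        foreach (var suite in Filter(offered)) Console.WriteLine(suite);
        // Hook-up on mono >= 3.4.0, mirroring the snippet above:
        // ServicePointManager.ServerCipherSuitesCallback += (p, all) => Filter(all);
    }
}
```

An empty result means the runtime offered nothing the policy accepts; treat that as a configuration error rather than falling back to the unfiltered list.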