File: System\Net\Security\SslServerAuthenticationOptions.cs
Web Access
Project: src\src\libraries\System.Net.Security\src\System.Net.Security.csproj (System.Net.Security)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
using System.Collections.Generic;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
 
namespace System.Net.Security
{
    public class SslServerAuthenticationOptions
    {
        private X509RevocationMode _checkCertificateRevocation = X509RevocationMode.NoCheck;
        private SslProtocols _enabledSslProtocols = SecurityProtocol.SystemDefaultSecurityProtocols;
        private EncryptionPolicy _encryptionPolicy = EncryptionPolicy.RequireEncryption;
        private bool _allowRenegotiation;
        private bool _allowTlsResume = true;
 
        public bool AllowRenegotiation
        {
            get => _allowRenegotiation;
            set => _allowRenegotiation = value;
        }
 
        /// <summary>
        ///  Gets or sets a value that indicates whether the SslStream should allow TLS resumption.
        /// </summary>
        public bool AllowTlsResume
        {
            get => _allowTlsResume;
            set => _allowTlsResume = value;
        }
 
        public bool ClientCertificateRequired { get; set; }
 
        public List<SslApplicationProtocol>? ApplicationProtocols { get; set; }
 
        public RemoteCertificateValidationCallback? RemoteCertificateValidationCallback { get; set; }
 
        public ServerCertificateSelectionCallback? ServerCertificateSelectionCallback { get; set; }
 
        public X509Certificate? ServerCertificate { get; set; }
 
        public SslStreamCertificateContext? ServerCertificateContext { get; set; }
 
        public SslProtocols EnabledSslProtocols
        {
            get => _enabledSslProtocols;
            set => _enabledSslProtocols = value;
        }
 
        public X509RevocationMode CertificateRevocationCheckMode
        {
            get => _checkCertificateRevocation;
            set
            {
                if (value != X509RevocationMode.NoCheck && value != X509RevocationMode.Offline && value != X509RevocationMode.Online)
                {
                    throw new ArgumentException(SR.Format(SR.net_invalid_enum, nameof(X509RevocationMode)), nameof(value));
                }
 
                _checkCertificateRevocation = value;
            }
        }
 
        public EncryptionPolicy EncryptionPolicy
        {
            get => _encryptionPolicy;
            set
            {
#pragma warning disable SYSLIB0040 // NoEncryption and AllowNoEncryption are obsolete
                if (value != EncryptionPolicy.RequireEncryption && value != EncryptionPolicy.AllowNoEncryption && value != EncryptionPolicy.NoEncryption)
                {
                    throw new ArgumentException(SR.Format(SR.net_invalid_enum, nameof(EncryptionPolicy)), nameof(value));
                }
#pragma warning restore SYSLIB0040
 
                _encryptionPolicy = value;
            }
        }
 
        /// <summary>
        /// Specifies cipher suites allowed to be used for TLS.
        /// When set to null operating system default will be used.
        /// Use extreme caution when changing this setting.
        /// </summary>
        public CipherSuitesPolicy? CipherSuitesPolicy { get; set; }
 
        /// <summary>
        /// Gets or sets an optional customized policy for remote certificate
        /// validation. If not <see langword="null"/>,
        /// <see cref="CertificateRevocationCheckMode"/> and <see cref="SslCertificateTrust"/>
        /// are ignored.
        /// </summary>
        public X509ChainPolicy? CertificateChainPolicy { get; set; }
    }
}