Rebex.Net.SecureSocket MAC for SSL3 records and SSL3 Finished message The MAC is generated as: alg(K + pad_2 + alg(text + K + pad_1)) // Handshake Finished message MAC alg(K + pad_2 + alg(K + pad_1 + text)) // Record MAC where K is an n byte key
pad_1 is the character 0x36 repeated 48 times for MD5 or 40 times for SHA pad_2 is the character 0x5c repeated 48 times for MD5 or 40 times for SHA and text is the data being protected
 Summary description for EnhancedMemoryStream. The event group. Debug info. Handshake message. Alert message. State changed. Cipher specification messages. The event type. A cached session is being re-established. Received data of unknown message type. Unexpected exception encountered. HelloRequest handshake message. ClientHello handshake message. ServerHello handshake message. Certificate handshake message. ServerKeyExchange handshake message. CertificateRequest handshake message. ServerHelloDone handshake message. CertificateVerify handshake message. ClientKeyExchange handshake message. Finished handshake message. Unknown handshake message. Alert message. Cipher negotiation has begun. Socket was secured. Socket was closed. ChangeCipherSpec message. The source of the event. Not specified. Sent by the local computer. Received from the remote computer. Debug level. No debug events. Important events only. This is the default. All events. Represents the method that will handle the Debug event of a class. The source of the event. A that contains the event data. Provides data for the Message event. Returns the raw data of the message, if available. Raw data of the message. Initializes a new instance of the class. Event type. Event source. Event level. Initializes a new instance of the class. Event type. Event source. Event level. Buffer containing the unparsed message. Offset of the message in buffer. Length of the message. Gets the event type. The event type. Gets the event group. The event group. Gets the event source. The event source. Gets the event level. The event level. Defines the interface that certificate verifier classes must implement. Validates a certificate. The socket that needs the certificate verification. Common name of the server. Certificate chain to be validated. True to accept the chain, False to reject. Defines the interface that certificate request handler classes must implement. Validates a certificate. The socket that needs the certificate verification. The list of acceptable issuers' names. Certificate chain. Provides a set of common verifiers. A verifier that accepts all certificates - no verification is done. This is very insecure. Only use this during debugging. Default verifier. Recommended. Uses the SSPI provider to validate the certificate chain. Provides a set of common certificate request handlers. A certificate request handler that selects no certificate. Use this if you don't want to authenticate using the client certificate. Inteligent certificate request handler. Recommended for non-GUI applications Uses the SSPI provider to select a first suitable certificate found in user's certificate store. The hello request message may be sent by the server at any time. Hello request is a simple notification that the client should begin the negotiation process anew by sending a client hello message when convenient. When a client first connects to a server it is required to send the client hello as its first message. The client can also send a client hello in response to a hello request or on its own initiative in order to renegotiate the security parameters in an existing connection. The server will send this message in response to a client hello message when it was able to find an acceptable set of algorithms. If it cannot find such a match, it will respond with a handshake failure alert. The server must send a certificate whenever the agreed-upon key exchange method is not an anonymous one. This message will always immediately follow the server hello message.

This message will be sent immediately after the server certificate message (or the server hello message, if this is an anonymous negotiation).

The server key exchange message is sent by the server only when the server certificate message (if sent) does not contain enough data to allow the client to exchange a premaster secret.

The server hello done message is sent by the server to indicate the end of the server hello and associated messages. After sending this message the server will wait for a client response. This message is always sent by the client. It will immediately follow the client certificate message, if it is sent. Otherwise it will be the first message sent by the client after it receives the server hello done message. A finished message is always sent immediately after a change cipher spec message to verify that the key exchange and authentication processes were successful. It is essential that a change cipher spec message be received between the other handshake messages and the Finished message. The TLS socket. The underlying socket. Timeout fields. Specifies the current socket state. Security parameters. Represents a TLS/SSL cipher. Returns a description of the cipher. Description of the cipher. Gets the active cipher algorithm. Active cipher algorithm. Gets the active message authentication code (MAC) algorithm. Active MAC algorithm. Gets the value indicating whether the cipher is a block cipher in CBC mode. true if block cipher, false if stream cipher. Gets the size of key material. Size of key material. Gets the key size. Key size. Gets the effective key size. Effective key size. Gets the cipher's block size. Block size. Gets the MAC algorithm block size. MAC algorithm block size. Gets the value indicating whether the cipher is exportable. true if exportable, false if not exportable. Gets the active protocol version. The active protocol version. Gets the selected key exchange algorithm. Selected key exchange algorithm. Returns the cipher suite ID. Cipher suite ID. The exception that is thrown when a TLS/SSL error occurs. Initializes a new instance of the class with serialized data. The object that holds the serialized object data. The contextual information about the source or destination. Sets the with information about the . The object that holds the serialized object data. The contextual information about the source or destination. Initializes a new instance of the class with the specified error message. The message that describes the error. Initializes a new instance of the class with the specified error message and a reference to the inner exception that is the cause of this exception. The message that describes the error. The exception that is the cause of the current exception. Security parameters. Returns a shallow copy of the current parameters. A shallow copy of current parameters. Initializes a new instance of TlsParameters with default parameters. Gets or sets the allowed protocol versions. Allowed protocol versions. Gets or sets the entity of a socket. Connection entity. Gets or sets the connection options. Connection options. Gets or sets the group of allowed cipher suites. The group of allowed cipher suites. Gets or sets the common name of the server. The common name of the server. Gets or sets the certificate verifier. The certificate verifier. Verifier is used for verifying the server's or client's certificate. Gets or sets the certificate to be used. The certificate to be used.

This is only used to set the server certificate.

For client sockets, this is the certificate that is sent to the server if no certificate is requested. Otherwise, the certificate returned by is used.

This certificate will be used to sign data, so it must have a private key associated.

Gets or sets the certificate request handler. The certificate request handler.

This is only used by client sockets.

When a server requests a client to send a certificate, this will be used to select the appropriate client certificate.

Default value is . You might want to use if client authentication is needed.

Gets or sets the session ID. The session ID. Gets or sets the list of acceptable certificate authorities. The list of acceptable certificate authorities. This is only used by server sockets. Gets or sets the certificate policy for server sockets. The certificate policy. This is only used by server sockets. Gets or sets the ephemeral Hellman-Diffie parameters for DHE key exchange on server sockets. The ephemeral Hellman-Diffie parameters.

This is only used by server sockets.

Only P and G parameters are used.

Gets or sets the temporary RSA key parameters for RSA_EXPORT key exchange on server sockets with certificates with key length >512. The ephemeral Hellman-Diffie parameters.

This is only used by server sockets.

Represents a TLS/SSL-enabled TCP socket.

This class is suitable for securing your socket communication using the TLS 1.0 protocol or its predecesor SSL 3.0.

Only TCP protocol is supported.

Gets the amount of data that has been received from the network and is available to be read. The number of bytes of data that has been received from the network and are available to be read, or 0 if either no data is available or the is no longer connected.

The available data is generally the total amount of data queued on the current instance.

Raises the event. A that contains the event data. Initializes an instance of the class. The default constructor initializes an instance of the . Initializes an instance of the class with the specified address family. Address family. Initializes an instance of the class with the specified base socket. Base socket. Use this if you need to upgrade an existing socket to use TLS/SSL. Sends data to a connected . The data to be sent. The number of bytes sent. Prior to sending data, the socket must be connected using either a call to method or a call to and methods. Sends data to a connected using the supplied flags. The data to be sent. A bitwise combination of the values. The number of bytes sent. Prior to sending data, the socket must be connected using either a call to method or a call to and methods. Sends the specified amount of data to a connected using the supplied flags. The data to be sent. The number of bytes to send. A bitwise combination of the values. The number of bytes sent. Prior to sending data, the socket must be connected using either a call to method or a call to and methods. Sends the specified amount of data to a connected starting at the indicated location in the data and using the supplied flags. The data to be sent. The position in the data buffer to begin sending data. The number of bytes to send. A bitwise combination of the values. The number of bytes sent. Prior to sending data, the socket must be connected using either a call to method or a call to and methods. Receives data from a connected . The storage location for the received data. The number of bytes received. Prior to receiving data, the socket must be connected using either a call to method or a call to and methods. Receives data from a connected using the supplied flags. The storage location for the received data. A bitwise combination of the values. The number of bytes received. Prior to receiving data, the socket must be connected using either a call to method or a call to and methods. Receives the specified amount of data from a connected using the supplied flags. The storage location for the received data. The number of bytes to receive. A bitwise combination of the values. The number of bytes received. Prior to receiving data, the socket must be connected using either a call to method or a call to and methods. Receives the specified amount of data from a connected into a specific location of the receive buffer and using the supplied flags. The storage location for the received data. The position in the buffer at which to store the received data. The number of bytes to receive. A bitwise combination of the values. The number of bytes received. Prior to receiving data, the socket must be connected using either a call to method or a call to and methods. Establishes a connection to a remote device. An that represents the remote device. The Connect method establishes a network connection to a device identified by the remoteEP parameter. Once the connection has been made, you can send data to the remote device with the Send method, or receive data from the remote device with the Receive method. Places a into a listening state. The maximum length of the pending connections queue. Creates a new for a newly created connection. A for a newly created connection. Negotiates TLS/SSL cipher. Forces a connection to close.

The Connected property is set to false when the socket is closed.

The application should call before calling Close to ensure that all pending data is sent or received before the Socket is closed.

Disables sends and receives on a . The value specifying the operation that will no longer be allowed. See the reference for for details. Reverts back to an unencrypted socket. Occurs when a TLS/SSL event is processed. Gets or sets the internal value. The internal value. Use with care. Gets or sets the length of time before the security negotiation times out. The length of time, in milliseconds, until the negotiation times out, or the value -1 or 0 to indicate that the negotiation does not time out. Default is 60000 (60 seconds). Gets the remote endpoint. The remote endpoint that the is using for communications. The RemoteEndPoint property gets the network connection information associated with either the remote host or the proxy server. RemoteEndPoint is set by methods that establish a connection to a remote host. Gets the local endpoint. The local endpoint that the is using for communications. The LocalEndPoint property contains the network connection information associated with the local network device. Gets a value indicating whether a is connected to a remote resource. true if the is connected to a remote resource; otherwise, false.

Gets the connection state of the . This property will return the latest known state of the SecureSocket. When it returns false, the SecureSocket was either never connected, or no longer connected. When it returns true, the SecureSocket was connected at the time of the last I/O operation or the method.

Note: There is no guarantee that the Socket is still connected even though Connected returns true.

Gets the operating system handle for the inner . An representing the operating system handle for the . Gets the session ID of the connection. The session ID of the connection. Gets the active cipher. Active cipher. Gets the server's certificate chain. The server's certificate chain. The first certificate in the chain is the server's certificate. Gets the client's certificate chain. The client's certificate chain. The first certificate in the chain is the client's certificate. Gets the current security state of the connection. True if all data (send or received) is beign encrypted. Use method to secure the connection. Gets the entity. Entity. Entity is Client for client sockets and Server for server sockets. Gets the active data compression method. Active data compression method. No data compression is currently supported. Gets or sets the security parameters of the current socket. The security parameters of the current socket. Gets or sets the debug level that specifies an amount of messages event handlers receive. Debug level. TLS/SSL protocol version. No SSL/TLS used. SSL 3.0 protocol. Deprecated. TLS 1.0 protocol. TLS 1.1 protocol. Experimental. TLS/SSL protocol version flags. None. SSL 3.0 protocol. Deprecated. TLS 1.0 protocol. TLS 1.1 protocol. Experimental. Use any supported protocol Connection end. None. Server socket. Client socket. Bulk cipher algorithm. None. RC4. RC2. DES. TripleDES. AES. Specifies the MAC algorithm in use. No MAC algorithm in use. MD5 algorithm. SHA1 algorithm. Specifies the compression method. Currently, no compression is supported. No compression. Specifies the key exchange algorithm. No key exchange. RSA signature, RSA encryption. RSA signature, ephemeral Diffie-Hellman. DSS signature, ephemeral Diffie-Hellman. Specifies the current connection state. Connection is not secured yet. Security parameters negotiation is in progress. Connection is secured, transfers are encrypted. Connection has been closed. Specifies the set of desired cipher suites. The following ciphers are currently considered secure:
RSA_WITH_RC4_128_SHA
RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA
DHE_DSS_WITH_3DES_EDE_CBC_SHA
DHE_DSS_WITH_AES_128_CBC_SHA
DHE_DSS_WITH_AES_256_CBC_SHA
DHE_DSS_WITH_RC4_128_SHA
DHE_RSA_WITH_3DES_EDE_CBC_SHA
DHE_RSA_WITH_AES_128_CBC_SHA
DHE_RSA_WITH_AES_256_CBC_SHA
 No cipher suite. Exportable 40bit RC4 with MD5 hash. This cipher is not considered secure. 128bit RC4 with MD5 hash. This cipher is not considered secure. 128bit RC4 with SHA1 hash. This cipher is currently considered secure. Exportable 40bit RC2 in CBC mode with MD5 hash. This cipher is not considered secure. Exportable 40bit DES in CBC mode with SHA1 hash. This cipher is not considered secure. 56bit DES in CBC mode with SHA1 hash. This cipher is not considered secure. TripleDES in CBC mode with SHA1 hash. This cipher is currently considered secure. Exportable 56bit DES in CBC mode with SHA1 hash. This cipher is not considered secure. Exportable 56bit RC4 mode with SHA1 hash. This cipher is not considered secure. 128bit AES in CBC mode with SHA1 hash. This cipher is currently considered secure. 256bit AES in CBC mode with SHA1 hash. This cipher is currently considered secure. Exportable 40bit DES in CBC mode with SHA1 hash. 56bit DES in CBC mode with SHA1 hash. TripleDES in CBC mode with SHA1 hash. 128bit AES in CBC mode with SHA1 hash. This cipher is currently considered secure. 256bit AES in CBC mode with SHA1 hash. This cipher is currently considered secure. Exportable 56bit DES in CBC mode with SHA1 hash. Exportable 40bit RC4 with SHA1 hash. 128bit RC4 with SHA1 hash. This cipher is currently considered secure. Exportable 40bit DES in CBC mode with SHA1 hash. 56bit DES in CBC mode with SHA1 hash. TripleDES in CBC mode with SHA1 hash. 128bit AES in CBC mode with SHA1 hash. This cipher is currently considered secure. 256bit AES in CBC mode with SHA1 hash. This cipher is currently considered secure. Specifies all ciphers that are currently considered secure. See for the list. Specifies all ciphers, including the weak ones. Specifies the certificate policy for the server sockets. Don't request a client certificate. Request a client certificate, but do not fail if none is provided. Request a client certificate and fail if none is provided. Specifies certificate acceptance values. A certificate is to be accepted. The certificate common name does not match the server's name. A certificate is corrupt, contains signatures that do not verify correctly, etc. A certificate is of an unsupported type. A certificate was revoked by its signer. A certificate has expired or is not currently valid. A CA certificate could not be found or untrusted CA. Some other issue arose in processing the certificate, rendering it unacceptable. Specifies secure connection options. No options. Do not cache any sessions. Mostly useful for debugging purposes. Do not shutdown and close the underlying socket after sending or receiving fatal alert or close notify. Protocols like FTP use this feature. Do not send empty record after sucessful handshake with CBC ciphers. For compatibility with broken implementations. Ignore the client version in premaster secret. This only affects server sockets. For compatibility with broken client implementations. Forces the method to do immediate unprotect without exchange of CloseNotify alert messages. This is in violation of the RFC, but some broken servers need it, unfortunately. This option is currently unused.