Transport Layer Security (TLS)
Enabling TLS 1.2 for Xamarin projects on Android, iOS, and Mac
Using the latest version of Transport Layer Security (TLS) is important to ensure application network communications are secure.
Xamarin releases since February 2017 use TLS 1.2 in new projects by default.
TLS 1.2 support is now available in:
- Mono 4.8 (includes TLS 1.2 support)
- Xamarin.Android (requires Android 5.0 or newer)
Projects must reference the System.Net.Http assembly.
Updating to TLS 1.2
This section explains some of the configuration options for networking in Xamarin projects, so you can update your existing apps to take advantage of the more secure protocol.
These settings can be found in Project Options > Android Options and then clicking on the Advanced button:
Xamarin developers have always been able to use the native networking classes
in their code, however there is also an option that determines which networking
stack is used by the
HttpClient classes. This provides a familiar .NET API
that has the speed and security advantages of the native platform.
The options are:
- Managed stack – the Mono-provided network functionality, or
- Native stack – various networking APIs provided by the underlying platforms (Android, iOS, or macOS).
The managed stack provides the highest level of compatibility with existing .NET code, however it can be slower and result in larger executable size.
The native options can be faster and have better security (including TLS 1.2),
but may not provide all the functionality and options of the
Project options also let you choose which SSL/TLS implementation to support:
- Mono/Managed – TLS 1.1 on Android, TLS 1.0 on iOS and macOS.
- Native – TLS 1.2 on both Android, iOS, and macOS.
New Xamarin projects default to the native implementation that supports TLS 1.2 (which is recommended for all projects), however you can switch back to the managed code if required for compatibility reasons.
The Mono/Managed option will be removed in a future release.
The Native option is recommended.
The above summary explains the project-level settings for HttpClient and SSL/TLS implementation in Xamarin Projects. The HttpClient implementation can also be set dynamically in code, and on iOS there are two native options to choose from.
Applications should use Transport Layer Security (TLS) 1.2 wherever possible. New apps now default to this configuration, however you may need to update the settings in existing applications according to the instructions in this article.
- App Transport Security
- Xamarin.Android Environment
- Xamarin Cycle 9 (February 2017)
- TLS (Wikipedia)
- Mono 4.8 Release Notes - TLS 1.2 Support
- HttpClient, HttpClientHandler, and WebRequestHandler Explained
- HTTP Client (sample)