ServicePointManager.SecurityProtocol Property


Gets or sets the security protocol used by the ServicePoint objects managed by the ServicePointManager object.

 static property System::Net::SecurityProtocolType SecurityProtocol { System::Net::SecurityProtocolType get(); void set(System::Net::SecurityProtocolType value); };
public static System.Net.SecurityProtocolType SecurityProtocol { get; set; }
member this.SecurityProtocol : System.Net.SecurityProtocolType with get, set
Public Shared Property SecurityProtocol As SecurityProtocolType


One of the values defined in the SecurityProtocolType enumeration.


The value specified to set the property is not a valid SecurityProtocolType enumeration value.


This property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing connections aren't changed.

Starting with the .NET Framework 4.7, the default value of this property is SecurityProtocolType.SystemDefault. This allows .NET Framework networking APIs based on SslStream (such as FTP, HTTP, and SMTP) to inherit the default security protocols from the operating system or from any custom configurations performed by a system administrator. For information about which SSL/TLS protocols are enabled by default on each version of the Windows operating system, see Protocols in TLS/SSL (Schannel SSP).

For versions of the .NET Framework through the .NET Framework 4.6.2, no default value is listed for this property. The security landscape changes constantly, and default protocols and protection levels are changed over time in order to avoid known weaknesses. Defaults vary depending on individual machine configuration, installed software, and applied patches.

Your code should never implicitly depend on using a particular protection level, or on the assumption that a given security level is used by default. If your app depends on the use of a particular security level, you must explicitly specify that level and then check to be sure that it is actually in use on the established connection. Further, your code should be designed to be robust in the face of changes to which protocols are supported, as such changes are often made with little advance notice in order to mitigate emerging threats.
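The following C# sketch is an added example, not code from the original documentation. It sets the level explicitly and then checks the protocol negotiated on an established SslStream connection. The names TlsPolicy and ConnectAndVerify, the TLS 1.2 requirement, and the host example.com are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsPolicy
{
    // Assumption for this example: TLS 1.2 is the only level the app accepts.
    const SslProtocols Allowed = SslProtocols.Tls12;

    // Applies to new connections made through ServicePoint-based APIs such as
    // HttpWebRequest; connections that already exist are not changed.
    public static void ApplyToServicePointManager()
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
    }

    // Requests the protocol explicitly, then checks what was negotiated.
    public static SslProtocols ConnectAndVerify(string host, int port)
    {
        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), false))
        {
            // Final argument turns on certificate revocation checking.
            ssl.AuthenticateAsClient(host, new X509CertificateCollection(), Allowed, true);
            if ((ssl.SslProtocol & Allowed) == SslProtocols.None)
                throw new AuthenticationException("Negotiated " + ssl.SslProtocol);
            return ssl.SslProtocol;
        }
    }

    static void Main()
    {
        ApplyToServicePointManager();
        try
        {
            // Placeholder host chosen for this example.
            Console.WriteLine("Negotiated: " + ConnectAndVerify("example.com", 443));
        }
        catch (Exception ex) when (ex is AuthenticationException || ex is IOException)
        {
            // Peer or OS configuration cannot meet the required level: fail closed.
            Console.WriteLine("TLS requirement not met: " + ex.Message);
        }
    }
}
```

ServicePointManager does not expose the protocol negotiated for an individual request, so the check here is made on an SslStream opened to the same host with the same required level.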

The .NET Framework 4.6 includes a new security feature that blocks insecure cipher and hashing algorithms for connections. Applications using TLS/SSL through APIs such as HttpClient, HttpWebRequest, FTPClient, SmtpClient, SslStream, etc. and targeting .NET Framework 4.6 get the more-secure behavior by default.

Developers may want to opt out of this behavior in order to maintain interoperability with their existing SSL3 services or TLS with RC4 services. This article explains how to modify your code so that the new behavior is disabled.