ServicePointManager.SecurityProtocol 屬性


取得或設定由 ServicePointManager 物件管理的 ServicePoint 物件所使用的安全性通訊協定。Gets or sets the security protocol used by the ServicePoint objects managed by the ServicePointManager object.

 static property System::Net::SecurityProtocolType SecurityProtocol { System::Net::SecurityProtocolType get(); void set(System::Net::SecurityProtocolType value); };
public static System.Net.SecurityProtocolType SecurityProtocol { get; set; }
member this.SecurityProtocol : System.Net.SecurityProtocolType with get, set
Public Shared Property SecurityProtocol As SecurityProtocolType



SecurityProtocolType 列舉型別中定義的一個值。One of the values defined in the SecurityProtocolType enumeration.


指定用來設定屬性的值不是一個有效的 SecurityProtocolType 列舉值。The value specified to set the property is not a valid SecurityProtocolType enumeration value.


此屬性會選取要用於新連線之安全通訊端層 (SSL) 或傳輸層安全性 (TLS) 通訊協定的版本;現有的連接不會變更。This property selects the version of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol to use for new connections; existing connections aren't changed.

從 .NET Framework 4.7 開始,此屬性的預設值為 SecurityProtocolType.SystemDefaultStarting with the .NET Framework 4.7, the default value of this property is SecurityProtocolType.SystemDefault. 這可讓您根據 SslStream ((例如 FTP、HTTP 和 SMTP) ) .NET Framework 網路 api,從作業系統或系統管理員所執行的任何自訂設定繼承預設的安全性通訊協定。This allows .NET Framework networking APIs based on SslStream (such as FTP, HTTP, and SMTP) to inherit the default security protocols from the operating system or from any custom configurations performed by a system administrator. 如需每個 Windows 作業系統版本上預設啟用的 SSL/TLS 通訊協定的詳細資訊,請參閱 TLS/SSL (SCHANNEL SSP) 中的通訊協定 For information about which SSL/TLS protocols are enabled by default on each version of the Windows operating system, see Protocols in TLS/SSL (Schannel SSP).

針對 .NET Framework .NET Framework 4.6.2 的版本,則不會列出此屬性的預設值。For versions of the .NET Framework through the .NET Framework 4.6.2, no default value is listed for this property. 安全性環境不斷變更,而預設的通訊協定和保護層級會隨著時間而改變,以避免已知的弱點。The security landscape changes constantly, and default protocols and protection levels are changed over time in order to avoid known weaknesses. 預設值會根據個別的電腦設定、已安裝的軟體及套用的修補程式而有所不同。Defaults vary depending on individual machine configuration, installed software, and applied patches.

您的程式碼絕對不應隱含地依賴特定的保護層級,或根據預設使用指定的安全性層級。Your code should never implicitly depend on using a particular protection level, or on the assumption that a given security level is used by default. 如果您的應用程式需要使用特定的安全性層級,您必須明確地指定層級,並確定它實際上已在建立的連線中使用。If your app depends on the use of a particular security level, you must explicitly specify that level and then check to be sure that it is actually in use on the established connection. 此外,您的程式碼應該設計為可在面對支援的通訊協定變更時穩定,因為這類變更通常會因為不太事先通知而進行,以減輕新興的威脅。Further, your code should be designed to be robust in the face of changes to which protocols are supported, as such changes are often made with little advance notice in order to mitigate emerging threats.

.NET Framework 4.6 包含新的安全性功能,可封鎖連接不安全的加密和雜湊演算法。The .NET Framework 4.6 includes a new security feature that blocks insecure cipher and hashing algorithms for connections. 透過 HttpClient、HttpWebRequest、FTPClient、、SslStream 等 Api 使用 TLS/SSL 的應用程式,以及以 .NET Framework 4.6 為目標的應用程式,預設會取得更安全的行為。Applications using TLS/SSL through APIs such as HttpClient, HttpWebRequest, FTPClient, SmtpClient, SslStream, etc. and targeting .NET Framework 4.6 get the more-secure behavior by default.

開發人員可能會想要選擇不使用這種行為,以便維持與現有 SSL3 服務或 TLS (含 RC4 服務)的互通性。Developers may want to opt out of this behavior in order to maintain interoperability with their existing SSL3 services OR TLS w/ RC4 services. 本文說明如何 修改您的程式碼,以停用新的行為。This article explains how to modify your code so that the new behavior is disabled.