Any custom TLS client that has minor implementation of HTTP with custom cipher suite support?
As we all know, C# is one of the languages that cannot change cipher suites in the http client. I know they added support for it a while back, but it only works on linux. Don't know why they've yet to add a full implementation for it that supports windows.
A few years back, I found a library that utilized BouncyCastle.Crypto and had a partial implementation of HTTP. Enough to do basic POST and GET requests with custom cipher suite ordering. Unfortunately, I don't remember the library and was just wondering if anyone knows of any libraries that offer such functionality?
7 Replies
cc @GrabYourPitchforks
and maybe @Mihu cause it's about HttpClient
SslClientAuthenticationOptions.CipherSuitesPolicy Property (System....
Specifies the cipher suites allowed for TLS. When set to null, the operating system default is used. Use extreme caution when changing this setting.
Should work on both Linux + Win
There should be an extensibility hook on HttpClient which allows you to specify the client auth options, but the name of that hook escapes me at the moment. Miha would probably know for certain.
I'd ask Krzysztof then. Because there was definitely support for this added, including backporting to netfx 4.8.
I remember code reviewing it. 🙂
But mercifully I've brain dumped everything about it.
With bouncycastle you can create your own custom TLS client and implement the HTTP protocol yourself. They don't do it for you, they just handle the cryptography side of things for you. I can link you a few github projects that I found yesterday that demonstrate this.
I just find it weird that Microsoft themselves haven't added official support for this into HTTPClient. It's definitely possible since every other language offers it. Why can't C#? What's holding it back?
I'd recommend opening a discussion in dotnet/runtime if you want further assistance for this. The feature owners who are knowledgeable in this area are not on this Discord server.