Class SslOption

Namespace
RabbitMQ.Client
Assembly
RabbitMQ.Client.dll

Represents a set of configurable TLS options for a connection. Use this class to configure the TLS version used, the client certificate list or file location, peer certificate verification (validation) functions, the expected server name (Subject Alternative Name or Common Name), and so on.

public class SslOption
Inheritance
SslOption

Constructors

SslOption()

Constructs an SslOption with no parameters set.

public SslOption()

SslOption(string, string, bool)

Constructs an SslOption specifying both the server canonical name and the client's certificate path.

public SslOption(string serverName, string certificatePath = "", bool enabled = false)

Parameters

serverName string
certificatePath string
enabled bool

Properties

AcceptablePolicyErrors

Retrieve or set the set of TLS policy (peer verification) errors that are deemed acceptable.

public SslPolicyErrors AcceptablePolicyErrors { get; set; }

Property Value

SslPolicyErrors

CertPassphrase

Retrieve or set the client certificate passphrase.

public string? CertPassphrase { get; set; }

Property Value

string

CertPath

Retrieve or set the path to the client certificate.

public string CertPath { get; set; }

Property Value

string

CertificateSelectionCallback

An optional client TLS certificate selection callback. If this is not specified, the first valid certificate found will be used.

public LocalCertificateSelectionCallback? CertificateSelectionCallback { get; set; }

Property Value

LocalCertificateSelectionCallback

CertificateValidationCallback

An optional peer verification (TLS certificate validation) callback. If this is not specified, the default callback will be used in conjunction with the AcceptablePolicyErrors property to determine if the peer's (server's) certificate should be considered valid (acceptable).

public RemoteCertificateValidationCallback? CertificateValidationCallback { get; set; }

Property Value

RemoteCertificateValidationCallback

Certs

Retrieve or set the X509CertificateCollection containing the client certificate. If no collection is set, the client will attempt to load one from the specified CertPath.

public X509CertificateCollection? Certs { get; set; }

Property Value

X509CertificateCollection

CheckCertificateRevocation

Attempts to check certificate revocation status. Default is false. Set to true to check the peer certificate for revocation.

public bool CheckCertificateRevocation { get; set; }

Property Value

bool

Remarks

Uses the built-in .NET TLS implementation machinery for checking a certificate against certificate revocation lists.

Enabled

Controls whether TLS is used. Set to false to disable TLS on the connection.

public bool Enabled { get; set; }

Property Value

bool

ServerName

Retrieve or set the server's expected name. This MUST match the Subject Alternative Name (SAN) or CN on the peer's (server's) leaf certificate, otherwise the TLS connection will fail.

public string ServerName { get; set; }

Property Value

string

Version

Retrieve or set the TLS protocol version. The client will let the OS pick a suitable version when this is set to SslProtocols.None. If this option is disabled, e.g. via app context, the client will attempt to fall back to TLSv1.2.

public SslProtocols Version { get; set; }

Property Value

SslProtocols
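
Added example (not part of the RabbitMQ.Client documentation): a permissive AcceptablePolicyErrors setting beside a strict configuration built from the properties described above, with a validation callback that records why a peer was rejected. The BrokerTls class, its method names, and the host, path and passphrase parameters are hypothetical.

```csharp
#nullable enable
using System;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using RabbitMQ.Client;

public static class BrokerTls   // hypothetical helper, not a library type
{
    // Weak: with the default callback, a certificate issued for another host
    // or by an untrusted issuer is still treated as acceptable.
    public static SslOption Permissive(string host) =>
        new SslOption(host, enabled: true)
        {
            AcceptablePolicyErrors = SslPolicyErrors.RemoteCertificateNameMismatch
                                   | SslPolicyErrors.RemoteCertificateChainErrors
        };

    // Strict: no tolerated errors, revocation checked, OS-selected TLS version.
    // host must match the SAN or CN on the broker's leaf certificate.
    public static SslOption Strict(string host, string clientCertPath, string? passphrase) =>
        new SslOption(host, clientCertPath, enabled: true)
        {
            CertPassphrase = passphrase,
            AcceptablePolicyErrors = SslPolicyErrors.None,
            CheckCertificateRevocation = true,
            Version = SslProtocols.None,
            // Once a callback is set, it decides the outcome instead of the default.
            CertificateValidationCallback = RejectOnAnyError
        };

    // Accepts only a clean validation result; otherwise logs the reason and fails.
    private static bool RejectOnAnyError(object sender, X509Certificate? certificate,
        X509Chain? chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true;

        Console.Error.WriteLine($"TLS peer rejected: {errors}; subject={certificate?.Subject}");
        if (chain != null)
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine($"  chain: {status.Status} {status.StatusInformation.Trim()}");
        return false;
    }
}
```

The returned SslOption is assigned to the Ssl property of a ConnectionFactory before the connection is created.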