Your custom delegate or null for the default behaviour.
This mechanism cannot be used to add new ciphers. Undefined ciphers will be ignored.
This API is only available in Mono and Xamarin products.
You can filter and/or re-order the ciphers suites that the SSL/TLS server will accept from a client. The first match for a supported client cipher suite will be used (so the order is important).
The following example removes weak (export) ciphers from the list that will be offered to the server.
C# Example
ServicePointManager.ClientCipherSuitesCallback += (SecurityProtocolType p, IEnumerable<string> allCiphers) => {
return from cipher in allCiphers where !cipher.Contains ("EXPORT")
select cipher;
};
Example: Use AES128 (preference) or AES256 (allowed) but no other ciphers.
C# Example
ServicePointManager.ClientCipherSuitesCallback += (SecurityProtocolType p, IEnumerable<string> allCiphers) => {
string prefix = p == SecurityProtocolType.Tls ? "TLS_" : "SSL_";
return new List<string> { prefix + "RSA_WITH_AES_128_CBC_SHA", prefix + "RSA_WITH_AES_256_CBC_SHA" };
};