.net - Server Name Indication from C#

Question

As far as I can tell, there seems to be a big limitation in .NET in that there is no way using C# and .NET to make an TLS connection that uses Server Name Indication (SNI). Have I missed something or is my understanding correct?

Does anybody know if and how I could make an SNI connection using OpenSSL.NET, libcurl.NET or some other 3rd party .NET library? Some sample code would be very much appreciated.

Answer 1

In my .Net 4.5 project the following fails for a server using SNI:

var url = "https://www.somesite.com";
System.Net.WebClient client = new System.Net.WebClient();
client.Encoding = Encoding.UTF8;
var data = client.DownloadString(url);

But it works if explicitly specifying TLS1.2 by prefixing it with:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

The same applies to webrequest:

WebRequest request = WebRequest.Create("https://www.somesite.com");

and HttpRequestMessage:

var httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, "https://www.google.com");

They all need the protocol explicitly set to TLS 1.2 to work with an SNI server (this may have changed in newer .Net versions)