Imported Upstream version 3.6.0

Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14
2014-08-13 10:39:27 +01:00
commit a575963da9
50588 changed files with 8155799 additions and 0 deletions
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Alert.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Alert.cs
@@ -0,0 +1,267 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+
+namespace Mono.Security.Protocol.Tls
+{
+	#region Enumerations
+
+	[Serializable]
+	internal enum AlertLevel : byte
+	{
+		Warning = 1,
+		Fatal	= 2
+	}
+
+	[Serializable]
+	internal enum AlertDescription : byte
+	{
+		CloseNotify				= 0,
+		UnexpectedMessage		= 10,
+		BadRecordMAC			= 20,
+		DecryptionFailed		= 21,
+		RecordOverflow			= 22,
+		DecompressionFailiure	= 30,
+		HandshakeFailiure		= 40,
+		NoCertificate			= 41,	// should be used in SSL3
+		BadCertificate			= 42,
+		UnsupportedCertificate	= 43,
+		CertificateRevoked		= 44,
+		CertificateExpired		= 45,
+		CertificateUnknown		= 46,
+		IlegalParameter			= 47,
+		UnknownCA				= 48,
+		AccessDenied			= 49,
+		DecodeError				= 50,
+		DecryptError			= 51,
+		ExportRestriction		= 60,
+		ProtocolVersion			= 70,
+		InsuficientSecurity		= 71,
+		InternalError			= 80,
+		UserCancelled			= 90,
+		NoRenegotiation			= 100
+	}
+
+	#endregion
+	
+	internal class Alert
+	{
+		#region Fields
+
+		private AlertLevel			level;
+		private AlertDescription	description;
+
+		#endregion
+
+		#region Properties
+
+		public AlertLevel Level
+		{
+			get { return this.level; }
+		}
+
+		public AlertDescription Description
+		{
+			get { return this.description; }
+		}
+
+		public string Message
+		{
+			get { return Alert.GetAlertMessage(this.description); }
+		}
+
+		public bool IsWarning
+		{
+			get { return this.level == AlertLevel.Warning ? true : false; }
+		}
+
+		/*
+		public bool IsFatal
+		{
+			get { return this.level == AlertLevel.Fatal ? true : false; }
+		}
+		*/
+
+		public bool IsCloseNotify
+		{
+			get
+			{
+				if (this.IsWarning &&
+					this.description == AlertDescription.CloseNotify)
+				{
+					return true;
+				}
+
+				return false;
+			}
+		}
+
+		#endregion
+
+		#region Constructors
+
+		public Alert(AlertDescription description)
+		{
+			this.inferAlertLevel();
+			this.description = description;
+		}
+
+		public Alert(
+			AlertLevel			level,
+			AlertDescription	description)
+		{
+			this.level			= level;
+			this.description	= description;
+		}
+
+		#endregion
+
+		#region Private Methods
+
+		private void inferAlertLevel()
+		{
+			switch (description)
+			{
+				case AlertDescription.CloseNotify:
+				case AlertDescription.NoRenegotiation:
+				case AlertDescription.UserCancelled:
+					this.level = AlertLevel.Warning;
+					break;
+
+				case AlertDescription.AccessDenied:
+				case AlertDescription.BadCertificate:
+				case AlertDescription.BadRecordMAC:
+				case AlertDescription.CertificateExpired:
+				case AlertDescription.CertificateRevoked:
+				case AlertDescription.CertificateUnknown:
+				case AlertDescription.DecodeError:
+				case AlertDescription.DecompressionFailiure:
+				case AlertDescription.DecryptError:
+				case AlertDescription.DecryptionFailed:
+				case AlertDescription.ExportRestriction:
+				case AlertDescription.HandshakeFailiure:
+				case AlertDescription.IlegalParameter:
+				case AlertDescription.InsuficientSecurity:
+				case AlertDescription.InternalError:
+				case AlertDescription.ProtocolVersion:
+				case AlertDescription.RecordOverflow:
+				case AlertDescription.UnexpectedMessage:
+				case AlertDescription.UnknownCA:
+				case AlertDescription.UnsupportedCertificate:
+				default:
+					this.level = AlertLevel.Fatal;
+					break;
+			}
+		}
+		
+		#endregion
+
+		#region Static Methods
+
+		public static string GetAlertMessage(AlertDescription description)
+		{
+			#if (DEBUG)
+			switch (description)
+			{
+				case AlertDescription.AccessDenied:
+					return "An inappropriate message was received.";
+
+				case AlertDescription.BadCertificate:
+					return "TLSCiphertext decrypted in an invalid way.";
+
+				case AlertDescription.BadRecordMAC:
+					return "Record with an incorrect MAC.";
+
+				case AlertDescription.CertificateExpired:
+					return "Certificate has expired or is not currently valid";
+
+				case AlertDescription.CertificateRevoked:
+					return "Certificate was revoked by its signer.";
+					
+				case AlertDescription.CertificateUnknown:
+					return "Certificate Unknown.";
+
+				case AlertDescription.CloseNotify:
+					return "Connection closed";
+
+				case AlertDescription.DecodeError:
+					return "A message could not be decoded because some field was out of the specified range or the length of the message was incorrect.";
+
+				case AlertDescription.DecompressionFailiure:
+					return "The decompression function received improper input (e.g. data that would expand to excessive length).";
+
+				case AlertDescription.DecryptError:
+					return "TLSCiphertext decrypted in an invalid way: either it wasn`t an even multiple of the block length or its padding values, when checked, weren`t correct.";
+
+				case AlertDescription.DecryptionFailed:
+					return "Handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate finished message.";
+
+				case AlertDescription.ExportRestriction:
+					return "Negotiation not in compliance with export restrictions was detected.";
+
+				case AlertDescription.HandshakeFailiure:
+					return "Unable to negotiate an acceptable set of security parameters given the options available.";
+
+				case AlertDescription.IlegalParameter:
+					return "A field in the handshake was out of range or inconsistent with other fields.";
+					
+				case AlertDescription.InsuficientSecurity:
+					return "Negotiation has failed specifically because the server requires ciphers more secure than those supported by the client.";
+					
+				case AlertDescription.InternalError:
+					return "Internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue.";
+
+				case AlertDescription.NoRenegotiation:
+					return "Invalid renegotiation.";
+
+				case AlertDescription.ProtocolVersion:
+					return "Unsupported protocol version.";
+
+				case AlertDescription.RecordOverflow:
+					return "Invalid length on TLSCiphertext record or TLSCompressed record.";
+
+				case AlertDescription.UnexpectedMessage:
+					return "Invalid message received.";
+
+				case AlertDescription.UnknownCA:
+					return "CA can't be identified as a trusted CA.";
+
+				case AlertDescription.UnsupportedCertificate:
+					return "Certificate was of an unsupported type.";
+
+				case AlertDescription.UserCancelled:
+					return "Handshake cancelled by user.";
+
+				default:
+					return "";
+			}
+			#else
+			return "The authentication or decryption has failed.";
+			#endif
+		}
+
+		#endregion
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ChangeLog
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ChangeLog
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherAlgorithmType.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherAlgorithmType.cs
@@ -0,0 +1,45 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+
+namespace Mono.Security.Protocol.Tls
+{
+#if INSIDE_SYSTEM
+	internal
+#else
+	[Serializable]
+	public
+#endif
+	enum CipherAlgorithmType
+	{
+		Des,
+		None,
+		Rc2,
+		Rc4,
+		Rijndael,
+		SkipJack,
+		TripleDes
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuite.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuite.cs
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteCollection.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteCollection.cs
@@ -0,0 +1,130 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+// Copyright 2013-2014 Xamarin Inc.
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+using System.Collections.Generic;
+
+namespace Mono.Security.Protocol.Tls {
+
+	internal sealed class CipherSuiteCollection : List<CipherSuite> {
+
+		#region Fields
+
+		SecurityProtocolType protocol;
+
+		#endregion
+
+		#region Indexers
+
+		public CipherSuite this [string name]  {
+			get {
+				int n = IndexOf (name);
+				return n == -1 ? null : this [n];
+			}
+		}
+
+		public CipherSuite this [short code] {
+			get {
+				int n = IndexOf (code);
+				return n == -1 ? null : this [n];
+			}
+		}
+
+		#endregion
+
+		#region Constructors
+
+		public CipherSuiteCollection (SecurityProtocolType protocol)
+		{
+			switch (protocol) {
+			case SecurityProtocolType.Default:
+			case SecurityProtocolType.Tls:
+			case SecurityProtocolType.Ssl3:
+				this.protocol = protocol;
+				break;
+			case SecurityProtocolType.Ssl2:
+			default:
+				throw new NotSupportedException ("Unsupported security protocol type.");
+			}
+		}
+
+		#endregion
+
+		#region Methods
+
+		public int IndexOf (string name)
+		{
+			int index = 0;
+			foreach (CipherSuite cipherSuite in this) {
+				if (String.CompareOrdinal (name, cipherSuite.Name) == 0)
+					return index;
+				index++;
+			}
+			return -1;
+		}
+
+		public int IndexOf (short code)
+		{
+			int index = 0;
+			foreach (CipherSuite cipherSuite in this) {
+				if (cipherSuite.Code == code)
+					return index;
+				index++;
+			}
+			return -1;
+		}
+
+		public void Add (
+			short code, string name, CipherAlgorithmType cipherType, 
+			HashAlgorithmType hashType, ExchangeAlgorithmType exchangeType,
+			bool exportable, bool blockMode, byte keyMaterialSize, 
+			byte expandedKeyMaterialSize, short effectiveKeyBytes, 
+			byte ivSize, byte blockSize)
+		{
+			switch (protocol) {
+			case SecurityProtocolType.Default:
+			case SecurityProtocolType.Tls:
+				Add (new TlsCipherSuite (code, name, cipherType, hashType, exchangeType, exportable, blockMode, 
+					keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize));
+				break;
+
+			case SecurityProtocolType.Ssl3:
+				Add (new SslCipherSuite (code, name, cipherType, hashType, exchangeType, exportable, blockMode, 
+					keyMaterialSize, expandedKeyMaterialSize, effectiveKeyBytes, ivSize, blockSize));
+				break;
+			}
+		}
+
+		public IList<string> GetNames ()
+		{
+			var list = new List<string> (Count);
+			foreach (CipherSuite cipherSuite in this)
+				list.Add (cipherSuite.Name);
+			return list;
+		}
+
+		#endregion
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteFactory.cs
@@ -0,0 +1,248 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+// Copyright 2013-2014 Xamarin Inc.
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+using System.Collections.Generic;
+using System.Reflection;
+using System.Net;
+
+namespace Mono.Security.Protocol.Tls
+{
+	internal static class CipherSuiteFactory
+	{
+#if !INSIDE_SYSTEM && !BOOTSTRAP_BASIC
+		static Type spm = typeof (ServicePointManager);
+		static PropertyInfo client_callback;
+		static PropertyInfo server_callback;
+#endif
+
+		public static CipherSuiteCollection GetSupportedCiphers (bool server, SecurityProtocolType protocol)
+		{
+			CipherSuiteCollection suites;
+			switch (protocol) {
+			case SecurityProtocolType.Default:
+			case SecurityProtocolType.Tls:				
+				suites = CipherSuiteFactory.GetTls1SupportedCiphers ();
+				break;
+			case SecurityProtocolType.Ssl3:
+				suites = CipherSuiteFactory.GetSsl3SupportedCiphers ();
+				break;
+			case SecurityProtocolType.Ssl2:
+			default:
+				throw new NotSupportedException ("Unsupported security protocol type");
+			}
+
+			IEnumerable<string> list = null;
+#if INSIDE_SYSTEM
+			// if SSL/TLS support is built-in System.dll (e.g. monotouch) then we can access ServicePointManager
+			// extension directly
+			var cb = server ? ServicePointManager.ServerCipherSuitesCallback : ServicePointManager.ClientCipherSuitesCallback;
+			if (cb == null)
+				return suites; // e.g. no callback was set
+
+			list = cb ((System.Net.SecurityProtocolType) (int) protocol, suites.GetNames ());
+#elif !BOOTSTRAP_BASIC
+			// Mono.Security must work on MS.NET so it cannot depend on any Mono-specific extensions
+			PropertyInfo pi = null;
+			if (server) {
+				if (server_callback == null)
+					server_callback = spm.GetProperty ("ServerCipherSuitesCallback", BindingFlags.Static | BindingFlags.Public);
+				pi = server_callback;
+			} else {
+				if (client_callback == null)
+					client_callback = spm.GetProperty ("ClientCipherSuitesCallback", BindingFlags.Static | BindingFlags.Public);
+				pi = client_callback;
+			}
+			if (pi == null)
+				return suites; // e.g. MS runtime - return every supported suites
+
+			var cb = (Delegate) pi.GetGetMethod ().Invoke (null, null);
+			if (cb == null)
+				return suites; // e.g. no callback was set - return every supported suites
+
+			list = (IEnumerable<string>) cb.DynamicInvoke (new object[] { 
+				(System.Net.SecurityProtocolType) (int) protocol, suites.GetNames () 
+			});
+#else
+			// TODO: right now the callback is only available when using System.Net.* types for SSL/TLS
+			return suites;
+#endif
+			CipherSuiteCollection allowed = new CipherSuiteCollection (protocol);
+			if (list != null) {
+				foreach (var name in list) {
+					// add any supported (ignore unknowns) ciphers requested by the callback
+					var cipher = suites [name];
+					if (cipher != null)
+						allowed.Add (cipher);
+				}
+			}
+			return allowed;
+		}
+
+		#region Private Static Methods
+
+		private static CipherSuiteCollection GetTls1SupportedCiphers()
+		{
+			CipherSuiteCollection scs = new CipherSuiteCollection(SecurityProtocolType.Tls);
+
+			// Supported ciphers
+			scs.Add((0x00 << 0x08) | 0x35, "TLS_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 32, 32, 256, 16, 16);
+			scs.Add((0x00 << 0x08) | 0x2F, "TLS_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 16, 16, 128, 16, 16);
+			scs.Add((0x00 << 0x08) | 0x0A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 24, 24, 168, 8, 8);
+			scs.Add((0x00 << 0x08) | 0x05, "TLS_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, false, 16, 16, 128, 0, 0);
+			scs.Add((0x00 << 0x08) | 0x04, "TLS_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, false, false, 16, 16, 128, 0, 0);
+			scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);
+			
+			// Supported exportable ciphers
+			scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
+			scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
+			scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
+			scs.Add((0x00 << 0x08) | 0x60, "TLS_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+			scs.Add((0x00 << 0x08) | 0x61, "TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
+			// 56 bits but we use 64 bits because of parity (DES is really 56 bits)
+			scs.Add((0x00 << 0x08) | 0x62, "TLS_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8); 
+			scs.Add((0x00 << 0x08) | 0x64, "TLS_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+			
+			// Default CipherSuite
+			// scs.Add(0, "TLS_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
+			
+			// RSA Cipher Suites
+			// scs.Add((0x00 << 0x08) | 0x01, "TLS_RSA_WITH_NULL_MD5", CipherAlgorithmType.None, HashAlgorithmType.Md5, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x02, "TLS_RSA_WITH_NULL_SHA", CipherAlgorithmType.None, HashAlgorithmType.Sha1, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x03, "TLS_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x05, "TLS_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x04, "TLS_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);			
+			// scs.Add((0x00 << 0x08) | 0x06, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x07, "TLS_RSA_WITH_IDEA_CBC_SHA", "IDEA", HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x08, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x09, "TLS_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x0A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8);
+
+			// Diffie-Hellman Cipher Suites
+			// scs.Add((0x00 << 0x08) | 0x0B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x0C, "TLS_DH_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, false, ExchangeAlgorithmType.DiffieHellman, true, 8, 8, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x0D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x0E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x0F, "TLS_DH_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, false, ExchangeAlgorithmType.DiffieHellman, true, 8, 8, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x10, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x11, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x12, "TLS_DHE_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x13, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x14, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x15, "TLS_DHE_RSA_WITH_DES_CBC_SHA", HashAlgorithmType.Sha1, CipherAlgorithmType.Des, false, ExchangeAlgorithmType.DiffieHellman, true, 8, 8, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x16, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
+
+			// Anonymous Diffie-Hellman Cipher Suites
+			// scs.Add((0x00 << 0x08) | 0x17, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.DiffieHellman, true, false, 5, 16, 40, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x18, "TLS_DH_anon_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, false, ExchangeAlgorithmType.DiffieHellman, false, 16, 16, 128, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x19, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x1A, "TLS_DH_anon_WITH_DES_CBC_SHA", "DES4", HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x1B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
+
+			// AES CipherSuites
+			//
+			// Ref: RFC3268 - (http://www.ietf.org/rfc/rfc3268.txt)
+		
+			// scs.Add((0x00 << 0x08) | 0x2F, "TLS_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 16, 16);
+			// scs.Add((0x00 << 0x08) | 0x30, "TLS_DH_DSS_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x31, "TLS_DH_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x32, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x33, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x34, "TLS_DH_anon_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 16, 16, 128, 8, 8);
+
+			// scs.Add((0x00 << 0x08) | 0x35, "TLS_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 32, 32, 256, 16, 16);
+			// scs.Add((0x00 << 0x08) | 0x36, "TLS_DH_DSS_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);
+			// scs.Add((0x00 << 0x08) | 0x37, "TLS_DH_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);
+			// scs.Add((0x00 << 0x08) | 0x38, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);
+			// scs.Add((0x00 << 0x08) | 0x39, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);
+			// scs.Add((0x00 << 0x08) | 0x3A, "TLS_DH_anon_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 32, 32, 256, 16, 16);
+
+			return scs;
+		}
+
+		private static CipherSuiteCollection GetSsl3SupportedCiphers()
+		{
+			CipherSuiteCollection scs = new CipherSuiteCollection(SecurityProtocolType.Ssl3);
+
+			// Supported ciphers
+			scs.Add((0x00 << 0x08) | 0x35, "SSL_RSA_WITH_AES_256_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 32, 32, 256, 16, 16);
+			scs.Add((0x00 << 0x08) | 0x2F, "SSL_RSA_WITH_AES_128_CBC_SHA", CipherAlgorithmType.Rijndael, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 16, 16, 128, 16, 16);
+			scs.Add((0x00 << 0x08) | 0x0A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 24, 24, 168, 8, 8);
+			scs.Add((0x00 << 0x08) | 0x05, "SSL_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, false, 16, 16, 128, 0, 0);
+			scs.Add((0x00 << 0x08) | 0x04, "SSL_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, false, false, 16, 16, 128, 0, 0);
+			scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, false, true, 8, 8, 56, 8, 8);
+
+			// Supported exportable ciphers
+			scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
+			scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
+			scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 8, 40, 8, 8);
+			scs.Add((0x00 << 0x08) | 0x60, "SSL_RSA_EXPORT_WITH_RC4_56_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+			scs.Add((0x00 << 0x08) | 0x61, "SSL_RSA_EXPORT_WITH_RC2_CBC_56_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 7, 16, 56, 8, 8);
+			// 56 bits but we use 64 bits because of parity (DES is really 56 bits)
+			scs.Add((0x00 << 0x08) | 0x62, "SSL_RSA_EXPORT_WITH_DES_CBC_56_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, true, 8, 8, 64, 8, 8); 
+			scs.Add((0x00 << 0x08) | 0x64, "SSL_RSA_EXPORT_WITH_RC4_56_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyX, true, false, 7, 16, 56, 0, 0);
+
+			// Default CipherSuite
+			// scs.Add(0, "SSL_NULL_WITH_NULL_NULL", CipherAlgorithmType.None, HashAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
+			
+			// RSA Cipher Suites
+			// scs.Add((0x00 << 0x08) | 0x01, "SSL_RSA_WITH_NULL_MD5", CipherAlgorithmType.None, HashAlgorithmType.Md5, ExchangeAlgorithmType.None, true, false, 0, 0, 0, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x02, "SSL_RSA_WITH_NULL_SHA", CipherAlgorithmType.None, HashAlgorithmType.Sha1, true, ExchangeAlgorithmType.None, false, 0, 0, 0, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x03, "SSL_RSA_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, false, 5, 16, 40, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x05, "SSL_RSA_WITH_RC4_128_SHA", CipherAlgorithmType.Rc4, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x04, "SSL_RSA_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaSign, false, false, 16, 16, 128, 0, 0);			
+			// scs.Add((0x00 << 0x08) | 0x06, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", CipherAlgorithmType.Rc2, HashAlgorithmType.Md5, ExchangeAlgorithmType.RsaKeyX, true, true, 5, 16, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x07, "SSL_RSA_WITH_IDEA_CBC_SHA", "IDEA", HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 16, 16, 128, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x08, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaKeyEx, true, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x09, "SSL_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 8, 8, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x0A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.RsaSign, false, true, 24, 24, 168, 8, 8);
+						
+			// Diffie-Hellman Cipher Suites
+			// scs.Add((0x00 << 0x08) | 0x0B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x0C, "SSL_DH_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x0D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x0E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x0F, "SSL_DH_RSA_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x10, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x11, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x12, "SSL_DHE_DSS_WITH_DES_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x13, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x14, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, true, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x15, "SSL_DHE_RSA_WITH_DES_CBC_SHA", HashAlgorithmType.Sha1, CipherAlgorithmType.Des, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x16, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
+
+			// Anonymous Diffie-Hellman Cipher Suites
+			// scs.Add((0x00 << 0x08) | 0x17, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, ExchangeAlgorithmType.DiffieHellman, true, false, 5, 16, 40, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x18, "SSL_DH_anon_WITH_RC4_128_MD5", CipherAlgorithmType.Rc4, HashAlgorithmType.Md5, false, ExchangeAlgorithmType.DiffieHellman, false, 16, 16, 128, 0, 0);
+			// scs.Add((0x00 << 0x08) | 0x19, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", CipherAlgorithmType.Des, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 5, 8, 40, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x1A, "SSL_DH_anon_WITH_DES_CBC_SHA", "DES4", HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 8, 8, 56, 8, 8);
+			// scs.Add((0x00 << 0x08) | 0x1B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", CipherAlgorithmType.TripleDes, HashAlgorithmType.Sha1, ExchangeAlgorithmType.DiffieHellman, false, true, 24, 24, 168, 8, 8);
+
+			return scs;
+		}
+
+		#endregion
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientContext.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientContext.cs
@@ -0,0 +1,82 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+
+namespace Mono.Security.Protocol.Tls
+{
+	internal class ClientContext : Context
+	{
+		#region Fields
+
+		private SslClientStream	sslStream;
+		private short			clientHelloProtocol;
+
+		#endregion
+
+		#region Properties
+
+		public SslClientStream SslStream
+		{
+			get { return this.sslStream; }
+		}
+
+		public short ClientHelloProtocol
+		{
+			get { return this.clientHelloProtocol; }
+			set { this.clientHelloProtocol = value; }
+		}
+
+		#endregion
+
+		#region Constructors
+
+		public ClientContext(
+			SslClientStream				stream,
+			SecurityProtocolType		securityProtocolType,
+			string						targetHost,
+			X509CertificateCollection	clientCertificates) 
+			: base(securityProtocolType)
+		{
+			this.sslStream						= stream;
+			this.ClientSettings.Certificates	= clientCertificates;
+			this.ClientSettings.TargetHost		= targetHost;
+		}
+
+		#endregion
+
+		#region Methods
+
+		public override void Clear()
+		{
+			this.clientHelloProtocol = 0;
+			base.Clear();
+		}
+
+		#endregion
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs
@@ -0,0 +1,179 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+using System.Globalization;
+using System.IO;
+
+using Mono.Security.Protocol.Tls.Handshake;
+using Mono.Security.Protocol.Tls.Handshake.Client;
+
+namespace Mono.Security.Protocol.Tls
+{
+	internal class ClientRecordProtocol : RecordProtocol
+	{
+		#region Constructors
+
+		public ClientRecordProtocol(
+			Stream			innerStream, 
+			ClientContext	context) : base(innerStream, context)
+		{
+		}
+
+		#endregion
+
+		#region Send Messages
+
+		public override HandshakeMessage GetMessage(HandshakeType type)
+		{
+			HandshakeMessage msg = this.createClientHandshakeMessage(type);
+
+			return msg;
+		}
+
+		#endregion
+
+		#region Handshake Processing Methods
+
+		protected override void ProcessHandshakeMessage(TlsStream handMsg)
+		{
+			HandshakeType		handshakeType	= (HandshakeType)handMsg.ReadByte();
+			HandshakeMessage	message			= null;
+
+			DebugHelper.WriteLine(">>>> Processing Handshake record ({0})", handshakeType);
+
+			// Read message length
+			int length = handMsg.ReadInt24();
+
+			// Read message data
+			byte[] data = null;
+			if (length > 0)
+			{
+				data = new byte[length];
+				handMsg.Read (data, 0, length);
+			}
+
+			// Create and process the server message
+			message = this.createServerHandshakeMessage(handshakeType, data);
+			if (message != null)
+			{
+				message.Process();
+			}
+
+			// Update the last handshake message
+			this.Context.LastHandshakeMsg = handshakeType;
+
+			// Update session
+			if (message != null)
+			{
+				message.Update();
+				this.Context.HandshakeMessages.WriteByte ((byte) handshakeType);
+				this.Context.HandshakeMessages.WriteInt24 (length);
+				if (length > 0) 
+				{
+					this.Context.HandshakeMessages.Write (data, 0, data.Length);
+				}
+			}
+		}
+
+		#endregion
+
+		#region Client Handshake Message Factories
+
+		private HandshakeMessage createClientHandshakeMessage(HandshakeType type)
+		{
+			switch (type)
+			{
+				case HandshakeType.ClientHello:
+					return new TlsClientHello(this.context);
+
+				case HandshakeType.Certificate:
+					return new TlsClientCertificate(this.context);
+
+				case HandshakeType.ClientKeyExchange:
+					return new TlsClientKeyExchange(this.context);
+
+				case HandshakeType.CertificateVerify:
+					return new TlsClientCertificateVerify(this.context);
+
+				case HandshakeType.Finished:
+					return new TlsClientFinished(this.context);
+
+				default:
+					throw new InvalidOperationException("Unknown client handshake message type: " + type.ToString() );
+			}
+		}
+
+		private HandshakeMessage createServerHandshakeMessage(
+			HandshakeType type, byte[] buffer)
+		{
+			ClientContext context = (ClientContext)this.context;
+
+			switch (type)
+			{
+				case HandshakeType.HelloRequest:
+					if (context.HandshakeState != HandshakeState.Started)
+					{
+						context.HandshakeState = HandshakeState.None;
+						// re-negotiation will occur at next read/write
+						// (i.e. not during an existing encode/decode op)
+					}
+					else
+					{
+						this.SendAlert(
+							AlertLevel.Warning,
+							AlertDescription.NoRenegotiation);
+					}
+					return null;
+
+				case HandshakeType.ServerHello:
+					return new TlsServerHello(this.context, buffer);
+
+				case HandshakeType.Certificate:
+					return new TlsServerCertificate(this.context, buffer);
+
+				case HandshakeType.ServerKeyExchange:
+					return new TlsServerKeyExchange(this.context, buffer);
+
+				case HandshakeType.CertificateRequest:
+					return new TlsServerCertificateRequest(this.context, buffer);
+
+				case HandshakeType.ServerHelloDone:
+					return new TlsServerHelloDone(this.context, buffer);
+
+				case HandshakeType.Finished:
+					return new TlsServerFinished(this.context, buffer);
+
+				default:
+					throw new TlsException(
+						AlertDescription.UnexpectedMessage,
+						String.Format(CultureInfo.CurrentUICulture,
+							"Unknown server handshake message received ({0})", 
+							type.ToString()));
+			}
+		}
+
+		#endregion
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientSessionCache.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ClientSessionCache.cs
@@ -0,0 +1,254 @@
+//
+// ClientSessionCache.cs: Client-side cache for re-using sessions
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2006 Novell (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+using System.Collections;
+
+namespace Mono.Security.Protocol.Tls {
+
+	internal class ClientSessionInfo : IDisposable {
+
+		// (by default) we keep this item valid for 3 minutes (if unused)
+		private const int DefaultValidityInterval = 3 * 60;
+		private static readonly int ValidityInterval;
+
+		private bool disposed;
+		private DateTime validuntil;
+		private string host;
+
+		// see RFC2246 - Section 7
+		private byte[] sid;
+		private byte[] masterSecret;
+
+		static ClientSessionInfo ()
+		{
+			string user_cache_timeout = Environment.GetEnvironmentVariable ("MONO_TLS_SESSION_CACHE_TIMEOUT");
+			if (user_cache_timeout == null) {
+				ValidityInterval = DefaultValidityInterval;
+			} else {
+				try {
+					ValidityInterval = Int32.Parse (user_cache_timeout);
+				}
+				catch {
+					ValidityInterval = DefaultValidityInterval;
+				}
+			}
+		}
+
+		public ClientSessionInfo (string hostname, byte[] id)
+		{
+			host = hostname;
+			sid = id;
+			KeepAlive ();
+		}
+
+		~ClientSessionInfo ()
+		{
+			Dispose (false);
+		}
+
+
+		public string HostName {
+			get { return host; }
+		}
+
+		public byte[] Id {
+			get { return sid; }
+		}
+
+		public bool Valid {
+			get { return ((masterSecret != null) && (validuntil > DateTime.UtcNow)); }
+		}
+
+
+		public void GetContext (Context context)
+		{
+			CheckDisposed ();
+			if (context.MasterSecret != null)
+				masterSecret = (byte[]) context.MasterSecret.Clone ();
+		}
+
+		public void SetContext (Context context)
+		{
+			CheckDisposed ();
+			if (masterSecret != null)
+				context.MasterSecret = (byte[]) masterSecret.Clone ();
+		}
+
+		public void KeepAlive ()
+		{
+			CheckDisposed ();
+			validuntil = DateTime.UtcNow.AddSeconds (ValidityInterval);
+		}
+
+		public void Dispose ()
+		{
+			Dispose (true);
+			GC.SuppressFinalize (this);
+		}
+
+		private void Dispose (bool disposing)
+		{
+			if (!disposed) {
+				validuntil = DateTime.MinValue;
+				host = null;
+				sid = null;
+
+				if (masterSecret != null) {
+					Array.Clear (masterSecret, 0, masterSecret.Length);
+					masterSecret = null;
+				}
+			}
+			disposed = true;
+		}
+
+		private void CheckDisposed ()
+		{
+			if (disposed) {
+				string msg = Locale.GetText ("Cache session information were disposed.");
+				throw new ObjectDisposedException (msg);
+			}
+		}
+	}
+
+	// note: locking is aggressive but isn't used often (and we gain much more :)
+	internal class ClientSessionCache {
+
+		static Hashtable cache;
+		static object locker;
+
+		static ClientSessionCache ()
+		{
+			cache = new Hashtable ();
+			locker = new object ();
+		}
+
+		// note: we may have multiple connections with a host, so 
+		// possibly multiple entries per host (each with a different 
+		// id), so we do not use the host as the hashtable key
+		static public void Add (string host, byte[] id)
+		{
+			lock (locker) {
+				string uid = BitConverter.ToString (id);
+				ClientSessionInfo si = (ClientSessionInfo) cache[uid];
+				if (si == null) {
+					cache.Add (uid, new ClientSessionInfo (host, id));
+				} else if (si.HostName == host) {
+					// we already have this and it's still valid
+					// on the server, so we'll keep it a little longer
+					si.KeepAlive ();
+				} else {
+					// it's very unlikely but the same session id 
+					// could be used by more than one host. In this
+					// case we replace the older one with the new one
+					si.Dispose ();
+					cache.Remove (uid);
+					cache.Add (uid, new ClientSessionInfo (host, id));
+				}
+			}
+		}
+
+		// return the first session us
+		static public byte[] FromHost (string host)
+		{
+			lock (locker) {
+				foreach (ClientSessionInfo si in cache.Values) {
+					if (si.HostName == host) {
+						if (si.Valid) {
+							// ensure it's still valid when we really need it
+							si.KeepAlive ();
+							return si.Id;
+						}
+					}
+				}
+				return null;
+			}
+		}
+
+		// only called inside the lock
+		static private ClientSessionInfo FromContext (Context context, bool checkValidity)
+		{
+			if (context == null)
+				return null;
+
+			byte[] id = context.SessionId;
+			if ((id == null) || (id.Length == 0))
+				return null;
+
+			// do we have a session cached for this host ?
+			string uid = BitConverter.ToString (id);
+
+			ClientSessionInfo si = (ClientSessionInfo) cache[uid];
+			if (si == null)
+				return null;
+
+			// In the unlikely case of multiple hosts using the same 
+			// session id, we just act like we do not know about it
+			if (context.ClientSettings.TargetHost != si.HostName)
+				return null;
+
+			// yes, so what's its status ?
+			if (checkValidity && !si.Valid) {
+				si.Dispose ();
+				cache.Remove (uid);
+				return null;
+			}
+
+			// ok, it make sense
+			return si;
+		}
+
+		static public bool SetContextInCache (Context context)
+		{
+			lock (locker) {
+				// Don't check the validity because the masterKey of the ClientSessionInfo
+				// can still be null when this is called the first time
+				ClientSessionInfo csi = FromContext (context, false);
+				if (csi == null)
+					return false;
+
+				csi.GetContext (context);
+				csi.KeepAlive ();
+				return true;
+			}
+		}
+
+		static public bool SetContextFromCache (Context context)
+		{
+			lock (locker) {
+				ClientSessionInfo csi = FromContext (context, true);
+				if (csi == null)
+					return false;
+
+				csi.SetContext (context);
+				csi.KeepAlive ();
+				return true;
+			}
+		}
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ContentType.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ContentType.cs
@@ -0,0 +1,37 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+
+namespace Mono.Security.Protocol.Tls
+{
+	[Serializable]
+	internal enum ContentType : byte
+	{
+		ChangeCipherSpec	= 20,
+		Alert				= 21,
+		Handshake			= 22,
+		ApplicationData		= 23,
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/Context.cs
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/DebugHelper.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/DebugHelper.cs
@@ -0,0 +1,95 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+using System.Diagnostics;
+
+namespace Mono.Security.Protocol.Tls
+{
+	internal class DebugHelper
+	{
+		private static bool isInitialized;
+
+		[Conditional("DEBUG")]
+		public static void Initialize()
+		{
+			if (!isInitialized)
+			{
+#if !NET_2_1
+				Debug.Listeners.Add(new TextWriterTraceListener(Console.Out));
+				// Debug.Listeners.Add(new TextWriterTraceListener(@"c:\ssl.log"));
+				Debug.AutoFlush = true;
+				Debug.Indent();
+#endif
+
+				isInitialized = true;
+			}
+		}
+
+		[Conditional("DEBUG")]
+		public static void WriteLine(string format, params object[] args)
+		{
+			Initialize();
+			Debug.WriteLine(String.Format(format, args));
+		}
+
+		[Conditional("DEBUG")]
+		public static void WriteLine(string message)
+		{
+			Initialize();
+			Debug.WriteLine(message);
+		}
+
+		[Conditional("DEBUG")]
+		public static void WriteLine(string message, byte[] buffer)
+		{
+			Initialize();
+			DebugHelper.WriteLine(String.Format("{0} ({1} bytes))", message, buffer.Length));
+			DebugHelper.WriteBuffer(buffer);
+		}
+
+		[Conditional("DEBUG")]
+		public static void WriteBuffer(byte[] buffer)
+		{
+			Initialize();
+			DebugHelper.WriteBuffer(buffer, 0, buffer.Length);
+		}
+
+		[Conditional("DEBUG")]
+		public static void WriteBuffer(byte[] buffer, int index, int length)
+		{
+			Initialize();
+			for (int i = index; i < length; i += 16)
+			{
+				int count = (length - i) >= 16 ? 16 : (length - i);
+				string buf = "";
+				for (int j = 0; j < count; j++)
+				{
+					buf += buffer[i + j].ToString("x2") + " ";
+				}
+				Debug.WriteLine(buf);
+			}
+		}
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ExchangeAlgorithmType.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/ExchangeAlgorithmType.cs
@@ -0,0 +1,43 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+
+namespace Mono.Security.Protocol.Tls
+{
+#if INSIDE_SYSTEM
+	internal
+#else
+	[Serializable]
+	public
+#endif
+	enum ExchangeAlgorithmType
+	{
+		DiffieHellman,
+		Fortezza,
+		None,
+		RsaKeyX,
+		RsaSign
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/HandshakeState.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/HandshakeState.cs
@@ -0,0 +1,36 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+
+namespace Mono.Security.Protocol.Tls
+{
+	[Serializable]
+	internal enum HandshakeState
+	{
+		None,
+		Started,
+		Finished
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/HashAlgorithmType.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/HashAlgorithmType.cs
@@ -0,0 +1,41 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+
+namespace Mono.Security.Protocol.Tls
+{
+#if INSIDE_SYSTEM
+	internal
+#else
+	[Serializable]
+	public
+#endif
+	enum HashAlgorithmType
+	{
+		Md5,
+		None,
+		Sha1
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/HttpsClientStream.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/HttpsClientStream.cs
@@ -0,0 +1,121 @@
+//
+// HttpsClientStream.cs: Glue between HttpWebRequest and SslClientStream to
+//      reduce reflection usage.
+//
+// Author:
+//      Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2007 Novell, Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+using System.IO;
+using System.Net;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using SNS = System.Net.Security;
+using SNCX = System.Security.Cryptography.X509Certificates;
+
+namespace Mono.Security.Protocol.Tls {
+
+	// Note: DO NOT REUSE this class - instead use SslClientStream
+
+	internal class HttpsClientStream : SslClientStream {
+
+		private HttpWebRequest _request;
+		private int _status;
+
+		public HttpsClientStream (Stream stream, X509CertificateCollection clientCertificates,
+					HttpWebRequest request, byte [] buffer)
+			: base (stream, request.Address.Host, false, (Mono.Security.Protocol.Tls.SecurityProtocolType)
+				ServicePointManager.SecurityProtocol, clientCertificates)
+		{
+			// this constructor permit access to the WebRequest to call
+			// ICertificatePolicy.CheckValidationResult
+			 _request = request;
+			_status = 0;
+			if (buffer != null)
+				InputBuffer.Write (buffer, 0, buffer.Length);
+			// also saved from reflection
+			base.CheckCertRevocationStatus = ServicePointManager.CheckCertificateRevocationList;
+
+			ClientCertSelection += delegate (X509CertificateCollection clientCerts, X509Certificate serverCertificate,
+				string targetHost, X509CertificateCollection serverRequestedCertificates) {
+				return ((clientCerts == null) || (clientCerts.Count == 0)) ? null : clientCerts [0];
+			};
+			PrivateKeySelection += delegate (X509Certificate certificate, string targetHost) {
+				X509Certificate2 cert = (certificate as X509Certificate2);
+				return (cert == null) ? null : cert.PrivateKey;
+			};
+		}
+
+		public bool TrustFailure {
+			get { 
+				switch (_status) {
+				case -2146762486: // CERT_E_CHAINING		0x800B010A
+				case -2146762487: // CERT_E_UNTRUSTEDROOT	0x800B0109
+					return true;
+				default:
+					return false;
+				}
+			}
+		}
+
+		internal override bool RaiseServerCertificateValidation (X509Certificate certificate, int[] certificateErrors)
+		{
+			bool failed = (certificateErrors.Length > 0);
+			// only one problem can be reported by this interface
+			_status = ((failed) ? certificateErrors [0] : 0);
+
+#pragma warning disable 618
+			if (ServicePointManager.CertificatePolicy != null) {
+				ServicePoint sp = _request.ServicePoint;
+				bool res = ServicePointManager.CertificatePolicy.CheckValidationResult (sp, certificate, _request, _status);
+				if (!res)
+					return false;
+				failed = true;
+			}
+#pragma warning restore 618
+ 			if (HaveRemoteValidation2Callback)
+ 				return failed; // The validation already tried the 2.0 callback 
+ 
+			SNS.RemoteCertificateValidationCallback cb = ServicePointManager.ServerCertificateValidationCallback;
+			if (cb != null) {
+				SNS.SslPolicyErrors ssl_errors = 0;
+				foreach (int i in certificateErrors) {
+					if (i == (int)-2146762490) // TODO: is this what happens when the purpose is wrong?
+						ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNotAvailable;
+					else if (i == (int) -2146762481)
+						ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateNameMismatch;
+					else
+						ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
+				}
+				SNCX.X509Certificate2 cert2 = new SNCX.X509Certificate2 (certificate.GetRawCertData ());
+				SNCX.X509Chain chain = new SNCX.X509Chain ();
+				if (!chain.Build (cert2))
+					ssl_errors |= SNS.SslPolicyErrors.RemoteCertificateChainErrors;
+				return cb (_request, cert2, chain, ssl_errors);
+			}
+			return failed;
+		}
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RSASslSignatureDeformatter.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RSASslSignatureDeformatter.cs
@@ -0,0 +1,108 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+using System.Security.Cryptography;
+
+namespace Mono.Security.Protocol.Tls
+{
+	internal class RSASslSignatureDeformatter : AsymmetricSignatureDeformatter
+	{
+		#region Fields
+
+		private RSA				key;
+		private HashAlgorithm	hash;
+
+		#endregion
+
+		#region Constructors
+
+		public RSASslSignatureDeformatter()
+		{
+		}
+
+		public RSASslSignatureDeformatter(AsymmetricAlgorithm key)
+		{
+			this.SetKey(key);
+		}
+
+		#endregion
+
+		#region Methods
+
+		public override bool VerifySignature(
+			byte[] rgbHash,
+			byte[] rgbSignature)
+		{
+			if (this.key == null)
+			{
+				throw new CryptographicUnexpectedOperationException("The key is a null reference");
+			}
+			if (hash == null)
+			{
+				throw new CryptographicUnexpectedOperationException("The hash algorithm is a null reference.");
+			}
+			if (rgbHash == null)
+			{
+				throw new ArgumentNullException("The rgbHash parameter is a null reference.");
+			}
+
+			return Mono.Security.Cryptography.PKCS1.Verify_v15(
+				this.key,
+				this.hash,
+				rgbHash,
+				rgbSignature);
+		}
+
+		public override void SetHashAlgorithm(string strName)
+		{
+#if INSIDE_SYSTEM
+			hash = new Mono.Security.Cryptography.MD5SHA1 ();
+#else
+			switch (strName)
+			{
+				case "MD5SHA1":
+					this.hash = new Mono.Security.Cryptography.MD5SHA1();
+					break;
+
+				default:
+					this.hash = HashAlgorithm.Create(strName);
+					break;
+			}
+#endif
+		}
+
+		public override void SetKey(AsymmetricAlgorithm key)
+		{
+			if (!(key is RSA))
+			{
+				throw new ArgumentException("Specfied key is not an RSA key");
+			}
+
+			this.key = key as RSA;
+		}
+
+		#endregion
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RSASslSignatureFormatter.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RSASslSignatureFormatter.cs
@@ -0,0 +1,105 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+using System.Security.Cryptography;
+
+namespace Mono.Security.Protocol.Tls
+{
+	internal class RSASslSignatureFormatter : AsymmetricSignatureFormatter
+	{
+		#region Fields
+
+		private RSA				key;
+		private HashAlgorithm	hash;
+
+		#endregion
+
+		#region Constructors
+
+		public RSASslSignatureFormatter()
+		{
+		}
+
+		public RSASslSignatureFormatter(AsymmetricAlgorithm key)
+		{
+			this.SetKey(key);
+		}
+
+		#endregion
+
+		#region Methods
+
+		public override byte[] CreateSignature(byte[] rgbHash)
+		{
+			if (this.key == null)
+			{
+				throw new CryptographicUnexpectedOperationException("The key is a null reference");
+			}
+			if (hash == null)
+			{
+				throw new CryptographicUnexpectedOperationException("The hash algorithm is a null reference.");
+			}
+			if (rgbHash == null)
+			{
+				throw new ArgumentNullException("The rgbHash parameter is a null reference.");
+			}
+
+			return Mono.Security.Cryptography.PKCS1.Sign_v15(
+				this.key,
+				this.hash,
+				rgbHash);
+		}
+
+		public override void SetHashAlgorithm(string strName)
+		{
+#if INSIDE_SYSTEM
+			hash = new Mono.Security.Cryptography.MD5SHA1 ();
+#else
+			switch (strName)
+			{
+				case "MD5SHA1":
+					this.hash = new Mono.Security.Cryptography.MD5SHA1();
+					break;
+
+				default:
+					this.hash = HashAlgorithm.Create(strName);
+					break;
+			}
+#endif
+		}
+
+		public override void SetKey(AsymmetricAlgorithm key)
+		{
+			if (!(key is RSA))
+			{
+				throw new ArgumentException("Specfied key is not an RSA key");
+			}
+
+			this.key = key as RSA;
+		}
+
+		#endregion
+	}
+}
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs
--- a/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SecurityCompressionType.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SecurityCompressionType.cs
@@ -0,0 +1,42 @@
+// Transport Security Layer (TLS)
+// Copyright (c) 2003-2004 Carlos Guzman Alvarez
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+
+namespace Mono.Security.Protocol.Tls
+{
+	// Information about compression methods allowed by TLS
+	// can be found in:
+	//	draft-ietf-tls-compression-05.txt (http://www.ietf.org/internet-drafts/draft-ietf-tls-compression-05.txt)
+#if INSIDE_SYSTEM
+	internal
+#else
+	public
+#endif
+	enum SecurityCompressionType
+	{
+		None = 0,
+		Zlib = 1
+	}
+}
--- a/Show More
+++ b/Show More