I do not recommend OpenSSL for .NET, because it is written in C and does not have a prewritten P/Invoke wrapper assembly.
There exist native .NET assemblies that do not require P/Invoke; one that I like is the BouncyCastle C# API (written for .NET 2.0, but compilable on .NET 2.0 and later). It is available at http://www.bouncycastle.org/csharp/ . Because it runs on the Common Language Runtime, though, it does not require C# for its client code. As much as I dislike recommending people away from OpenSSL on the OpenSSL lists, I must acknowledge that OpenSSL is not a good option for the CLR (which is implemented by .NET, as well as Mono). It would be appropriate for transitioning an existing codebase from C++ to Managed C++, but not much more than that. If you need a FIPS-certified* library, it would make sense to use OpenSSL and invest the time and effort to create the P/Invoke wrapper, because BouncyCastle C# does not carry a FIPS certificate. -Kyle H *: Steve Marquess, before you say "it's not a certification, it's a validation," please consider this. Most of your (and the OpenSSL team's) effort goes into proving that it can be validated by the CMVP, so your focus is always on the validation. But, the ultimate procurement requirement is for a module with a certificate issued by NIST, and even a validated and certified module may have its certificate revoked. The NIST certificate for modules which have passed FIPS 140-2 validation thus functions as and is indistinguishable from a FIPS certification, so I use "FIPS-certified" as the appropriate adjective. On Mon, Apr 21, 2014 at 10:54 AM, Edward Ned Harvey (openssl) <open...@nedharvey.com> wrote: > At work, we develop software in .NET, currently using the built-in SslStream > class, and I'm considering abandoning it. > > > > Is Openssl recommended for SSL/TLS communications in .NET? And if so, > should I just download the win binaries from > http://slproweb.com/products/Win32OpenSSL.html ? > > > > I'm interested in a redistributable library package. Not looking for > openssl command line utility. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
