Mono Now Comes With Support For TLS 1.2

The master branch of Mono now comes with support for TLS 1.2. This means that SslStream will now be using TLS 1.2 and uses HttpWebRequest for HTTPS endpoints, which also uses TLS 1.2 on the desktop.This goes on to bring TLS 1.2 to Mono on Unix/Linux in addition to Xamarin (Mac, iOS,tvOS), which had already been enabled, so as to use TLS 1.2, via the native Apple TLS stack.
 
In order to use this, you will need to install the fresh version of Mono and then either run the btls-cert-syncommand, which will go on to convert your existing list of the trusted certificates to the latest format (if you used cert-sync or mozroots in the past). The latest version of Mono now comes embedded with Google’s Boring SSL as the TLS implementation to use.
 
Last year, the company has gone on to complete C# implementation of TLS 1.2. However, the company was afraid of releasing a TLS stack, which was not audited. They state, “we were afraid of releasing a TLS stack that had not been audited, that might contain exploitable holes, and that we did not have the cryptographic chops to ensure that the implementation was bullet proof.”
 
The company has gone on to decide that rather than shipping a brand new TLS implementation, they would go on to use TLS implementation, which had been audited and was under an active development.
 
Hence, the company has gone ahead and picked Boring TLS, which is Google’s fork of OpenSSL. This is the stack, which goes on to power Android and Google Chrome, making the company feel ‘more comfortable, using this implementation than a brand new implementation.’
 
The company is also considering to add a --with-openssl-cert-directory= option to configure the script, so that Linux distributions that package Mono can pass a directory, which contains the trusted root certificates in the format expected by OpenSSL.