[System]: New SslStream APIs from CoreFX. (#8665)

* Bring `SslClientAuthenticationOptions`, `SslServerAuthenticationOptions`
  and `SslApplicationProtocol` from CoreFX.

* SslStream: Added new public overloads from CoreFX:
  - All authentication methods have a new overload without the `SslProtocols` argument.
  - New `AuthenticateAsClientAsync(SslClientAuthenticationOptions,CancellationToken)`.
  - New `AuthenticateAsServerAsync(SslServerAuthenticationOptions,CancellationToken)`.
  - We now use `SecurityProtocol.SystemDefaultSecurityProtocols` (which is zero) as
    default value everywhere.

Everything below is internal:

* `Mono.Security.Interface`: Add internal `MonoServerCertificateSelectionCallback`,
  `IMonoAuthenticationOptions`, `IMonoSslClientAuthenticationOptions` and
  `IMonoSslServerAuthenticationOptions`.

* `Mono.Security.Interface.IMonoSslStream`: Add new overloads without the
  `SslProtocols` argument.

* `Mono.Security.Interface.IMonoSslStream2`: New internal interface, extending
  `IMonoSslStream` with the new internal APIs.

* `Mono.Net.Security`: New internal `MonoSslAuthenticationOptions`,
  `MonoSslClientAuthenticationOptions` and `MonoSslServerAuthenticationOptions`
  classes; these are just proxies for `SslClientAuthenticationOptions` and
  `SslServerAuthenticationOptions` (which unfortunately don't share a common
  base class).

* `Mono.Net.Security.MobileAuthenticatedStream`:
  - Implement `IMonoSslStream2`.
  - `ProcessAuthentication()` now takes `MonoSslAuthenticationOptions` instead
    of the old argument list, added `CancellationToken`.
  - All `IMonoSslStream` facing APIs now construct `MonoSslAuthenticationOptions`
    to pass it to `ProcessAuthentication()`.

* `Mono.Net.Security`: `MobileTlsContext` and `MobileTlsStream` now use
  `MonoSslAuthenticationOptions` to store all options.

Tests for the new APIs are in https://github.com/xamarin/web-tests/commit/fe347589326206f36d3cd42b59d305ff3c291857.

external/api-snapshot

@@ -1 +1 @@
-Subproject commit 156d07002d174454f2e3649e65e4a47195f3ef24
+Subproject commit 8b548930fcf23b9054886974e196fe344cd8e216

mcs/class/Mono.Security/Mono.Security.Interface/IMonoAuthenticationOptions.cs

@@ -0,0 +1,77 @@
+//
+// IMonoAuthenticationOptions.cs
+//
+// Author:
+//       Martin Baulig <[email protected]>
+//
+// Copyright (c) 2018 Xamarin Inc. (http://www.xamarin.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+using System;
+using System.IO;
+using System.Net;
+using System.Net.Security;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Principal;
+using System.Security.Cryptography;
+
+namespace Mono.Security.Interface
+{
+	delegate X509Certificate MonoServerCertificateSelectionCallback (object sender, string hostName);
+
+	interface IMonoAuthenticationOptions
+	{
+		bool AllowRenegotiation {
+			get; set;
+		}
+
+		RemoteCertificateValidationCallback RemoteCertificateValidationCallback { get; set; }
+
+		SslProtocols EnabledSslProtocols {
+			get; set;
+		}
+
+		EncryptionPolicy EncryptionPolicy {
+			get; set;
+		}
+
+		X509RevocationMode CertificateRevocationCheckMode {
+			get; set;
+		}
+	}
+
+	interface IMonoSslClientAuthenticationOptions : IMonoAuthenticationOptions
+	{
+		LocalCertificateSelectionCallback LocalCertificateSelectionCallback { get; set; }
+
+		string TargetHost { get; set; }
+
+		X509CertificateCollection ClientCertificates { get; set; }
+	}
+
+	interface IMonoSslServerAuthenticationOptions : IMonoAuthenticationOptions
+	{
+		bool ClientCertificateRequired { get; set; }
+
+		MonoServerCertificateSelectionCallback ServerCertificateSelectionCallback { get; set; }
+
+		X509Certificate ServerCertificate { get; set; }
+	}
+}

mcs/class/Mono.Security/Mono.Security.Interface/IMonoSslStream.cs

@@ -44,30 +44,42 @@ namespace Mono.Security.Interface
 
 		void AuthenticateAsClient (string targetHost);
 
+		void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation);
+
 		void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
 
 		IAsyncResult BeginAuthenticateAsClient (string targetHost, AsyncCallback asyncCallback, object asyncState);
 
+		IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
+
 		IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
 
 		void EndAuthenticateAsClient (IAsyncResult asyncResult);
 
 		void AuthenticateAsServer (X509Certificate serverCertificate);
 
+		void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation);
+
 		void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
 
 		IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, AsyncCallback asyncCallback, object asyncState);
 
+		IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
+
 		IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
 
 		void EndAuthenticateAsServer (IAsyncResult asyncResult);
 
 		Task AuthenticateAsClientAsync (string targetHost);
 
+		Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation);
+
 		Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
 
 		Task AuthenticateAsServerAsync (X509Certificate serverCertificate);
 
+		Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation);
+
 		Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
 
 		int Read (byte[] buffer, int offset, int count);
@@ -197,5 +209,12 @@ namespace Mono.Security.Interface
 
 		MonoTlsConnectionInfo GetConnectionInfo ();
 	}
+
+	interface IMonoSslStream2 : IMonoSslStream
+	{
+		Task AuthenticateAsClientAsync (IMonoSslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken);
+
+		Task AuthenticateAsServerAsync (IMonoSslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken);
+	}
 }
 

mcs/class/Mono.Security/Mono.Security.csproj

@@ -152,6 +152,7 @@
     <Compile Include=".\Mono.Security.Interface\CipherSuiteCode.cs" />
     <Compile Include=".\Mono.Security.Interface\ExchangeAlgorithmType.cs" />
     <Compile Include=".\Mono.Security.Interface\HashAlgorithmType.cs" />
+    <Compile Include=".\Mono.Security.Interface\IMonoAuthenticationOptions.cs" />
     <Compile Include=".\Mono.Security.Interface\IMonoSslStream.cs" />
     <Compile Include=".\Mono.Security.Interface\MonoTlsConnectionInfo.cs" />
     <Compile Include=".\Mono.Security.Interface\MonoTlsProvider.cs" />

mcs/class/Mono.Security/Mono.Security.dll.sources

@@ -142,6 +142,7 @@
 ./Mono.Security.Interface/CipherSuiteCode.cs
 ./Mono.Security.Interface/ExchangeAlgorithmType.cs
 ./Mono.Security.Interface/HashAlgorithmType.cs
+./Mono.Security.Interface/IMonoAuthenticationOptions.cs
 ./Mono.Security.Interface/IMonoSslStream.cs
 ./Mono.Security.Interface/MonoTlsConnectionInfo.cs
 ./Mono.Security.Interface/MonoTlsProvider.cs

mcs/class/System/Mono.AppleTls/AppleTlsContext.cs

@@ -66,20 +66,16 @@ namespace Mono.AppleTls
 
 		Exception lastException;
 
-		public AppleTlsContext (
-			MobileAuthenticatedStream parent, bool serverMode, string targetHost,
-			SSA.SslProtocols enabledProtocols, X509Certificate serverCertificate,
-			X509CertificateCollection clientCertificates, bool askForClientCert)
-			: base (parent, serverMode, targetHost, enabledProtocols,
-				serverCertificate, clientCertificates, askForClientCert)
+		public AppleTlsContext (MobileAuthenticatedStream parent, MonoSslAuthenticationOptions options)
+			: base (parent, options)
 		{
 			handle = GCHandle.Alloc (this, GCHandleType.Weak);
 			readFunc = NativeReadCallback;
 			writeFunc = NativeWriteCallback;
 
 			if (IsServer) {
-				if (serverCertificate == null)
-					throw new ArgumentNullException ("serverCertificate");
+				if (LocalServerCertificate == null)
+					throw new ArgumentNullException (nameof (LocalServerCertificate));
 			}
 		}
 

mcs/class/System/Mono.AppleTls/AppleTlsStream.cs

@@ -37,15 +37,9 @@ namespace Mono.AppleTls
 		{
 		}
 
-		protected override MNS.MobileTlsContext CreateContext (
-			bool serverMode, string targetHost, SslProtocols enabledProtocols,
-			X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
-			bool askForClientCert)
+		protected override MNS.MobileTlsContext CreateContext (MNS.MonoSslAuthenticationOptions options)
 		{
-			return new AppleTlsContext (
-				this, serverMode, targetHost,
-				enabledProtocols, serverCertificate,
-				clientCertificates, askForClientCert);
+			return new AppleTlsContext (this, options);
 		}
 	}
 }

mcs/class/System/Mono.Btls/MonoBtlsContext.cs

@@ -62,16 +62,11 @@ namespace Mono.Btls
 		bool isAuthenticated;
 		bool connected;
 
-		public MonoBtlsContext (
-			MNS.MobileAuthenticatedStream parent,
-			bool serverMode, string targetHost,
-			SslProtocols enabledProtocols, X509Certificate serverCertificate,
-			X509CertificateCollection clientCertificates, bool askForClientCert)
-			: base (parent, serverMode, targetHost, enabledProtocols,
-			        serverCertificate, clientCertificates, askForClientCert)
+		public MonoBtlsContext (MNS.MobileAuthenticatedStream parent, MNS.MonoSslAuthenticationOptions options)
+			: base (parent, options)
 		{
-			if (serverMode)
-				nativeServerCertificate = GetPrivateCertificate (serverCertificate);
+			if (IsServer)
+				nativeServerCertificate = GetPrivateCertificate (LocalServerCertificate);
 		}
 
 		static X509CertificateImplBtls GetPrivateCertificate (X509Certificate certificate)

mcs/class/System/Mono.Btls/MonoBtlsStream.cs

@@ -52,15 +52,9 @@ namespace Mono.Btls
 		{
 		}
 
-		protected override MNS.MobileTlsContext CreateContext (
-			bool serverMode, string targetHost, SslProtocols enabledProtocols,
-			X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
-			bool askForClientCert)
+		protected override MNS.MobileTlsContext CreateContext (MNS.MonoSslAuthenticationOptions options)
 		{
-			return new MonoBtlsContext (
-				this, serverMode, targetHost,
-				enabledProtocols, serverCertificate,
-				clientCertificates, askForClientCert);
+			return new MonoBtlsContext (this, options);
 		}
 	}
 }

mcs/class/System/Mono.Net.Security/CallbackHelpers.cs

@@ -121,6 +121,21 @@ namespace Mono.Net.Security.Private
 			return (t, lc, rc, ai) => callback (t, lc, rc, ai);
 		}
 
+		internal static ServerCertificateSelectionCallback MonoToPublic (MSI.MonoServerCertificateSelectionCallback callback)
+		{
+			if (callback == null)
+				return null;
+
+			return (s, h) => callback (s, h);
+		}
+
+		internal static MSI.MonoServerCertificateSelectionCallback PublicToMono (ServerCertificateSelectionCallback callback)
+		{
+			if (callback == null)
+				return null;
+
+			return (s, h) => callback (s, h);
+		}
 	}
 }
 

mcs/class/System/Mono.Net.Security/LegacySslStream.cs

@@ -67,6 +67,7 @@ using System.Security.Cryptography.X509Certificates;
 using System.Security.Principal;
 using System.Security.Cryptography;
 
+using System.Threading;
 using System.Threading.Tasks;
 
 namespace Mono.Net.Security.Private
@@ -331,6 +332,11 @@ namespace Mono.Net.Security.Private
 			return BeginAuthenticateAsClient (targetHost, new X509CertificateCollection (), SslProtocols.Tls, false, asyncCallback, asyncState);
 		}
 
+		public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
+		{
+			return BeginAuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
+		}
+
 		public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
 		{
 			if (IsAuthenticated)
@@ -388,6 +394,11 @@ namespace Mono.Net.Security.Private
 			return BeginAuthenticateAsServer (serverCertificate, false, SslProtocols.Tls, false, asyncCallback, asyncState);
 		}
 
+		public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
+		{
+			return BeginAuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
+		}
+
 		public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
 		{
 			if (IsAuthenticated)
@@ -442,6 +453,11 @@ namespace Mono.Net.Security.Private
 			AuthenticateAsClient (targetHost, new X509CertificateCollection (), SslProtocols.Tls, false);
 		}
 
+		public virtual void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
+		{
+			AuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
+		}
+
 		public virtual void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
 			EndAuthenticateAsClient (BeginAuthenticateAsClient (
@@ -453,6 +469,11 @@ namespace Mono.Net.Security.Private
 			AuthenticateAsServer (serverCertificate, false, SslProtocols.Tls, false);
 		}
 
+		public virtual void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
+		{
+			AuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
+		}
+
 		public virtual void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
 			EndAuthenticateAsServer (BeginAuthenticateAsServer (
@@ -546,6 +567,11 @@ namespace Mono.Net.Security.Private
 			return Task.Factory.FromAsync (BeginAuthenticateAsClient, EndAuthenticateAsClient, targetHost, null);
 		}
 
+		public virtual Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
+		{
+			return AuthenticateAsClientAsync (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
+		}
+
 		public virtual Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
 			var t = Tuple.Create (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation, this);
@@ -561,6 +587,11 @@ namespace Mono.Net.Security.Private
 			return Task.Factory.FromAsync (BeginAuthenticateAsServer, EndAuthenticateAsServer, serverCertificate, null);
 		}
 
+		public virtual Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
+		{
+			return AuthenticateAsServerAsync (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
+		}
+
 		public virtual Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
 			var t = Tuple.Create (serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation, this);

mcs/class/System/Mono.Net.Security/MobileAuthenticatedStream.cs

@@ -35,7 +35,7 @@ using SslProtocols = System.Security.Authentication.SslProtocols;
 
 namespace Mono.Net.Security
 {
-	abstract class MobileAuthenticatedStream : AuthenticatedStream, MSI.IMonoSslStream
+	abstract class MobileAuthenticatedStream : AuthenticatedStream, MSI.IMonoSslStream2
 	{
 		/*
 		 * This is intentionally called `xobileTlsContext'.  It is a "dangerous" object
@@ -116,10 +116,6 @@ namespace Mono.Net.Security
 			return old ?? info;
 		}
 
-		SslProtocols DefaultProtocols {
-			get { return SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls; }
-		}
-
 		enum OperationType {
 			Read,
 			Write,
@@ -128,23 +124,49 @@ namespace Mono.Net.Security
 
 		public void AuthenticateAsClient (string targetHost)
 		{
-			AuthenticateAsClient (targetHost, new X509CertificateCollection (), DefaultProtocols, false);
+			AuthenticateAsClient (targetHost, new X509CertificateCollection (), SecurityProtocol.SystemDefaultSecurityProtocols, false);
+		}
+
+		public void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
+		{
+			AuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, false);
 		}
 
 		public void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
-			var task = ProcessAuthentication (true, false, targetHost, enabledSslProtocols, null, clientCertificates, false);
+			var options = new MonoSslClientAuthenticationOptions {
+				TargetHost = targetHost,
+				ClientCertificates = clientCertificates,
+				EnabledSslProtocols = enabledSslProtocols,
+				CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
+				EncryptionPolicy = EncryptionPolicy.RequireEncryption
+			};
+
+			var task = ProcessAuthentication (true, options, CancellationToken.None);
 			task.Wait ();
 		}
 
 		public IAsyncResult BeginAuthenticateAsClient (string targetHost, AsyncCallback asyncCallback, object asyncState)
 		{
-			return BeginAuthenticateAsClient (targetHost, new X509CertificateCollection (), DefaultProtocols, false, asyncCallback, asyncState);
+			return BeginAuthenticateAsClient (targetHost, new X509CertificateCollection (), SecurityProtocol.SystemDefaultSecurityProtocols, false, asyncCallback, asyncState);
+		}
+
+		public IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
+		{
+			return BeginAuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
 		}
 
 		public IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
 		{
-			var task = ProcessAuthentication (false, false, targetHost, enabledSslProtocols, null, clientCertificates, false);
+			var options = new MonoSslClientAuthenticationOptions {
+				TargetHost = targetHost,
+				ClientCertificates = clientCertificates,
+				EnabledSslProtocols = enabledSslProtocols,
+				CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
+				EncryptionPolicy = EncryptionPolicy.RequireEncryption
+			};
+
+			var task = ProcessAuthentication (false, options, CancellationToken.None);
 			return TaskToApm.Begin (task, asyncCallback, asyncState);
 		}
 
@@ -155,23 +177,49 @@ namespace Mono.Net.Security
 
 		public void AuthenticateAsServer (X509Certificate serverCertificate)
 		{
-			AuthenticateAsServer (serverCertificate, false, DefaultProtocols, false);
+			AuthenticateAsServer (serverCertificate, false, SecurityProtocol.SystemDefaultSecurityProtocols, false);
+		}
+
+		public void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
+		{
+			AuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
 		}
 
 		public void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
-			var task = ProcessAuthentication (true, true, string.Empty, enabledSslProtocols, serverCertificate, null, clientCertificateRequired);
+			var options = new MonoSslServerAuthenticationOptions {
+				ServerCertificate = serverCertificate,
+				ClientCertificateRequired = clientCertificateRequired,
+				EnabledSslProtocols = enabledSslProtocols,
+				CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
+				EncryptionPolicy = EncryptionPolicy.RequireEncryption
+			};
+
+			var task = ProcessAuthentication (true, options, CancellationToken.None);
 			task.Wait ();
 		}
 
 		public IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, AsyncCallback asyncCallback, object asyncState)
 		{
-			return BeginAuthenticateAsServer (serverCertificate, false, DefaultProtocols, false, asyncCallback, asyncState);
+			return BeginAuthenticateAsServer (serverCertificate, false, SecurityProtocol.SystemDefaultSecurityProtocols, false, asyncCallback, asyncState);
+		}
+
+		public IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
+		{
+			return BeginAuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
 		}
 
 		public IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
 		{
-			var task = ProcessAuthentication (false, true, string.Empty, enabledSslProtocols, serverCertificate, null, clientCertificateRequired);
+			var options = new MonoSslServerAuthenticationOptions {
+				ServerCertificate = serverCertificate,
+				ClientCertificateRequired = clientCertificateRequired,
+				EnabledSslProtocols = enabledSslProtocols,
+				CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
+				EncryptionPolicy = EncryptionPolicy.RequireEncryption
+			};
+
+			var task = ProcessAuthentication (false, options, CancellationToken.None);
 			return TaskToApm.Begin (task, asyncCallback, asyncState);
 		}
 
@@ -182,22 +230,58 @@ namespace Mono.Net.Security
 
 		public Task AuthenticateAsClientAsync (string targetHost)
 		{
-			return ProcessAuthentication (false, false, targetHost, DefaultProtocols, null, null, false);
+			return AuthenticateAsClientAsync (targetHost, null, SecurityProtocol.SystemDefaultSecurityProtocols, false);
+		}
+
+		public Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
+		{
+			return AuthenticateAsClientAsync (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
 		}
 
 		public Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
-			return ProcessAuthentication (false, false, targetHost, enabledSslProtocols, null, clientCertificates, false);
+			var options = new MonoSslClientAuthenticationOptions {
+				TargetHost = targetHost,
+				ClientCertificates = clientCertificates,
+				EnabledSslProtocols = enabledSslProtocols,
+				CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
+				EncryptionPolicy = EncryptionPolicy.RequireEncryption
+			};
+
+			return ProcessAuthentication (false, options, CancellationToken.None);
+		}
+
+		public Task AuthenticateAsClientAsync (MSI.IMonoSslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken)
+		{
+			return ProcessAuthentication (false, (MonoSslClientAuthenticationOptions)sslClientAuthenticationOptions, cancellationToken);
 		}
 
 		public Task AuthenticateAsServerAsync (X509Certificate serverCertificate)
 		{
-			return AuthenticateAsServerAsync (serverCertificate, false, DefaultProtocols, false);
+			return AuthenticateAsServerAsync (serverCertificate, false, SecurityProtocol.SystemDefaultSecurityProtocols, false);
+		}
+
+		public Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
+		{
+			return AuthenticateAsServerAsync (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
 		}
 
 		public Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
-			return ProcessAuthentication (false, true, string.Empty, enabledSslProtocols, serverCertificate, null, clientCertificateRequired);
+			var options = new MonoSslServerAuthenticationOptions {
+				ServerCertificate = serverCertificate,
+				ClientCertificateRequired = clientCertificateRequired,
+				EnabledSslProtocols = enabledSslProtocols,
+				CertificateRevocationCheckMode = checkCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
+				EncryptionPolicy = EncryptionPolicy.RequireEncryption
+			};
+
+			return ProcessAuthentication (false, options, CancellationToken.None);
+		}
+
+		public Task AuthenticateAsServerAsync (MSI.IMonoSslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken)
+		{
+			return ProcessAuthentication (false, (MonoSslServerAuthenticationOptions)sslServerAuthenticationOptions, cancellationToken);
 		}
 
 		public Task ShutdownAsync ()
@@ -219,18 +303,16 @@ namespace Mono.Net.Security
 			get { return this; }
 		}
 
-		async Task ProcessAuthentication (
-			bool runSynchronously, bool serverMode, string targetHost, SslProtocols enabledProtocols,
-			X509Certificate serverCertificate, X509CertificateCollection clientCertificates, bool clientCertRequired)
+		async Task ProcessAuthentication (bool runSynchronously, MonoSslAuthenticationOptions options, CancellationToken cancellationToken)
 		{
-			if (serverMode) {
-				if (serverCertificate == null)
-					throw new ArgumentException (nameof (serverCertificate));
+			if (options.ServerMode) {
+				if (options.ServerCertificate == null)
+					throw new ArgumentException (nameof (options.ServerCertificate));
 			} else {
-				if (targetHost == null)
-					throw new ArgumentException (nameof (targetHost));
-				if (targetHost.Length == 0)
-					targetHost = "?" + Interlocked.Increment (ref uniqueNameInteger).ToString (NumberFormatInfo.InvariantInfo);
+				if (options.TargetHost == null)
+					throw new ArgumentException (nameof (options.TargetHost));
+				if (options.TargetHost.Length == 0)
+					options.TargetHost = "?" + Interlocked.Increment (ref uniqueNameInteger).ToString (NumberFormatInfo.InvariantInfo);
 			}
 
 			if (lastException != null)
@@ -254,13 +336,11 @@ namespace Mono.Net.Security
 					readBuffer.Reset ();
 					writeBuffer.Reset ();
 
-					xobileTlsContext = CreateContext (
-						serverMode, targetHost, enabledProtocols, serverCertificate,
-						clientCertificates, clientCertRequired);
+					xobileTlsContext = CreateContext (options);
 				}
 
 				try {
-					result = await asyncRequest.StartOperation (CancellationToken.None).ConfigureAwait (false);
+					result = await asyncRequest.StartOperation (cancellationToken).ConfigureAwait (false);
 				} catch (Exception ex) {
 					result = new AsyncProtocolResult (SetException (GetSSPIException (ex)));
 				}
@@ -278,10 +358,7 @@ namespace Mono.Net.Security
 				result.Error.Throw ();
 		}
 
-		protected abstract MobileTlsContext CreateContext (
-			bool serverMode, string targetHost, SSA.SslProtocols enabledProtocols,
-			X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
-			bool askForClientCert);
+		protected abstract MobileTlsContext CreateContext (MonoSslAuthenticationOptions options);
 
 		public override IAsyncResult BeginRead (byte[] buffer, int offset, int count, AsyncCallback asyncCallback, object asyncState)
 		{

mcs/class/System/Mono.Net.Security/MobileTlsContext.cs

@@ -32,34 +32,26 @@ namespace Mono.Net.Security
 {
 	abstract class MobileTlsContext : IDisposable
 	{
-		MobileAuthenticatedStream parent;
-		bool serverMode;
-		string targetHost;
-		string serverName;
-		SslProtocols enabledProtocols;
-		X509Certificate serverCertificate;
-		X509CertificateCollection clientCertificates;
-		bool askForClientCert;
 		ICertificateValidator2 certificateValidator;
 
-		public MobileTlsContext (
-			MobileAuthenticatedStream parent, bool serverMode, string targetHost,
-			SslProtocols enabledProtocols, X509Certificate serverCertificate,
-			X509CertificateCollection clientCertificates, bool askForClientCert)
+		protected MobileTlsContext (MobileAuthenticatedStream parent, MonoSslAuthenticationOptions options)
 		{
-			this.parent = parent;
-			this.serverMode = serverMode;
-			this.targetHost = targetHost;
-			this.enabledProtocols = enabledProtocols;
-			this.serverCertificate = serverCertificate;
-			this.clientCertificates = clientCertificates;
-			this.askForClientCert = askForClientCert;
-
-			serverName = targetHost;
-			if (!string.IsNullOrEmpty (serverName)) {
-				var pos = serverName.IndexOf (':');
-				if (pos > 0)
-					serverName = serverName.Substring (0, pos);
+			Parent = parent;
+			IsServer = options.ServerMode;
+			EnabledProtocols = options.EnabledSslProtocols;
+
+			if (options.ServerMode) {
+				LocalServerCertificate = options.ServerCertificate;
+				AskForClientCertificate = options.ClientCertificateRequired;
+			} else {
+				ClientCertificates = options.ClientCertificates;
+				TargetHost = options.TargetHost;
+				ServerName = options.TargetHost;
+				if (!string.IsNullOrEmpty (ServerName)) {
+					var pos = ServerName.IndexOf (':');
+					if (pos > 0)
+						ServerName = ServerName.Substring (0, pos);
+				}
 			}
 
 			certificateValidator = CertificateValidationHelper.GetInternalValidator (
@@ -67,21 +59,17 @@ namespace Mono.Net.Security
 		}
 
 		internal MobileAuthenticatedStream Parent {
-			get { return parent; }
+			get;
 		}
 
-		public MonoTlsSettings Settings {
-			get { return parent.Settings; }
-		}
+		public MonoTlsSettings Settings => Parent.Settings;
 
-		public MonoTlsProvider Provider {
-			get { return parent.Provider; }
-		}
+		public MonoTlsProvider Provider => Parent.Provider;
 
 		[SD.Conditional ("MONO_TLS_DEBUG")]
 		protected void Debug (string message, params object[] args)
 		{
-			parent.Debug ("{0}: {1}", GetType ().Name, string.Format (message, args));
+			Parent.Debug ("{0}: {1}", GetType ().Name, string.Format (message, args));
 		}
 
 		public abstract bool HasContext {
@@ -93,45 +81,45 @@ namespace Mono.Net.Security
 		}
 
 		public bool IsServer {
-			get { return serverMode; }
+			get;
 		}
 
 		protected string TargetHost {
-			get { return targetHost; }
+			get;
 		}
 
 		protected string ServerName {
-			get { return serverName; }
+			get;
 		}
 
 		protected bool AskForClientCertificate {
-			get { return askForClientCert; }
+			get;
 		}
 
 		protected SslProtocols EnabledProtocols {
-			get { return enabledProtocols; }
+			get;
 		}
 
 		protected X509CertificateCollection ClientCertificates {
-			get { return clientCertificates; }
+			get;
 		}
 
 		protected void GetProtocolVersions (out TlsProtocolCode? min, out TlsProtocolCode? max)
 		{
-			if ((enabledProtocols & SslProtocols.Tls) != 0)
+			if ((EnabledProtocols & SslProtocols.Tls) != 0)
 				min = TlsProtocolCode.Tls10;
-			else if ((enabledProtocols & SslProtocols.Tls11) != 0)
+			else if ((EnabledProtocols & SslProtocols.Tls11) != 0)
 				min = TlsProtocolCode.Tls11;
-			else if ((enabledProtocols & SslProtocols.Tls12) != 0)
+			else if ((EnabledProtocols & SslProtocols.Tls12) != 0)
 				min = TlsProtocolCode.Tls12;
 			else
 				min = null;
 
-			if ((enabledProtocols & SslProtocols.Tls12) != 0)
+			if ((EnabledProtocols & SslProtocols.Tls12) != 0)
 				max = TlsProtocolCode.Tls12;
-			else if ((enabledProtocols & SslProtocols.Tls11) != 0)
+			else if ((EnabledProtocols & SslProtocols.Tls11) != 0)
 				max = TlsProtocolCode.Tls11;
-			else if ((enabledProtocols & SslProtocols.Tls) != 0)
+			else if ((EnabledProtocols & SslProtocols.Tls) != 0)
 				max = TlsProtocolCode.Tls10;
 			else
 				max = null;
@@ -148,7 +136,7 @@ namespace Mono.Net.Security
 		}
 
 		internal X509Certificate LocalServerCertificate {
-			get { return serverCertificate; }
+			get;
 		}
 
 		internal abstract bool IsRemoteCertificateAvailable {
@@ -195,11 +183,11 @@ namespace Mono.Net.Security
 			if (selected)
 				return certificate;
 
-			if (clientCertificates == null || clientCertificates.Count == 0)
+			if (ClientCertificates == null || ClientCertificates.Count == 0)
 				return null;
 
-			if (clientCertificates.Count == 1)
-				return clientCertificates [0];
+			if (ClientCertificates.Count == 1)
+				return ClientCertificates [0];
 
 			// FIXME: select onne.
 			throw new NotImplementedException ();

mcs/class/System/Mono.Net.Security/MonoSslAuthenticationOptions.cs

@@ -0,0 +1,87 @@
+//
+// MonoSslAuthenticationOptions.cs
+//
+// Author:
+//       Martin Baulig <[email protected]>
+//
+// Copyright (c) 2018 Xamarin Inc. (http://www.xamarin.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+#if SECURITY_DEP
+
+#if MONO_SECURITY_ALIAS
+extern alias MonoSecurity;
+#endif
+
+#if MONO_SECURITY_ALIAS
+using MonoSecurity::Mono.Security.Interface;
+#else
+using Mono.Security.Interface;
+#endif
+#endif
+
+using System;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Authentication;
+
+namespace Mono.Net.Security
+{
+	abstract class MonoSslAuthenticationOptions : IMonoAuthenticationOptions
+	{
+		public abstract bool ServerMode {
+			get;
+		}
+
+		public abstract bool AllowRenegotiation {
+			get; set;
+		}
+
+		public abstract RemoteCertificateValidationCallback RemoteCertificateValidationCallback { get; set; }
+
+		public abstract SslProtocols EnabledSslProtocols {
+			get; set;
+		}
+
+		public abstract EncryptionPolicy EncryptionPolicy {
+			get; set;
+		}
+
+		public abstract X509RevocationMode CertificateRevocationCheckMode {
+			get; set;
+		}
+
+		public abstract string TargetHost {
+			get; set;
+		}
+
+		public abstract X509Certificate ServerCertificate {
+			get; set;
+		}
+
+		public abstract X509CertificateCollection ClientCertificates {
+			get; set;
+		}
+
+		public abstract bool ClientCertificateRequired {
+			get; set;
+		}
+	}
+}

mcs/class/System/Mono.Net.Security/MonoSslClientAuthenticationOptions.cs

@@ -0,0 +1,116 @@
+//
+// MonoSslClientAuthenticationOptions.cs
+//
+// Author:
+//       Martin Baulig <[email protected]>
+//
+// Copyright (c) 2018 Xamarin Inc. (http://www.xamarin.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+#if SECURITY_DEP
+
+#if MONO_SECURITY_ALIAS
+extern alias MonoSecurity;
+#endif
+
+#if MONO_SECURITY_ALIAS
+using MonoSecurity::Mono.Security.Interface;
+#else
+using Mono.Security.Interface;
+#endif
+#endif
+
+using System;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Authentication;
+
+namespace Mono.Net.Security
+{
+	sealed class MonoSslClientAuthenticationOptions : MonoSslAuthenticationOptions, IMonoSslClientAuthenticationOptions
+	{
+		public SslClientAuthenticationOptions Options {
+			get;
+		}
+
+		public override bool ServerMode => false;
+
+		public MonoSslClientAuthenticationOptions (SslClientAuthenticationOptions options)
+		{
+			Options = options;
+		}
+
+		public MonoSslClientAuthenticationOptions ()
+		{
+			Options = new SslClientAuthenticationOptions ();
+		}
+
+		public override bool AllowRenegotiation {
+			get => Options.AllowRenegotiation;
+			set => Options.AllowRenegotiation = value;
+		}
+
+		public override RemoteCertificateValidationCallback RemoteCertificateValidationCallback {
+			get => Options.RemoteCertificateValidationCallback;
+			set => Options.RemoteCertificateValidationCallback = value;
+		}
+
+
+		public override X509RevocationMode CertificateRevocationCheckMode {
+			get => Options.CertificateRevocationCheckMode;
+			set => Options.CertificateRevocationCheckMode = value;
+		}
+
+		public override EncryptionPolicy EncryptionPolicy {
+			get => Options.EncryptionPolicy;
+			set => Options.EncryptionPolicy = value;
+		}
+
+		public override SslProtocols EnabledSslProtocols {
+			get => Options.EnabledSslProtocols;
+			set => Options.EnabledSslProtocols = value;
+		}
+
+		public LocalCertificateSelectionCallback LocalCertificateSelectionCallback {
+			get => Options.LocalCertificateSelectionCallback;
+			set => Options.LocalCertificateSelectionCallback = value;
+		}
+
+		public override string TargetHost {
+			get => Options.TargetHost;
+			set => Options.TargetHost = value;
+		}
+
+		public override bool ClientCertificateRequired {
+			get => throw new NotSupportedException ();
+			set => throw new NotSupportedException ();
+		}
+
+		public override X509CertificateCollection ClientCertificates {
+			get => Options.ClientCertificates;
+			set => Options.ClientCertificates = value;
+		}
+
+		public override X509Certificate ServerCertificate {
+			get => throw new NotSupportedException ();
+			set => throw new NotSupportedException ();
+		}
+	}
+}

mcs/class/System/Mono.Net.Security/MonoSslServerAuthenticationOptions.cs

@@ -0,0 +1,121 @@
+//
+// MonoSslServerAuthenticationOptions.cs
+//
+// Author:
+//       Martin Baulig <[email protected]>
+//
+// Copyright (c) 2018 Xamarin Inc. (http://www.xamarin.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+#if SECURITY_DEP
+
+#if MONO_SECURITY_ALIAS
+extern alias MonoSecurity;
+#endif
+
+#if MONO_SECURITY_ALIAS
+using MonoSecurity::Mono.Security.Interface;
+#else
+using Mono.Security.Interface;
+#endif
+#endif
+
+using System;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Authentication;
+
+namespace Mono.Net.Security
+{
+	sealed class MonoSslServerAuthenticationOptions : MonoSslAuthenticationOptions, IMonoSslServerAuthenticationOptions
+	{
+		public SslServerAuthenticationOptions Options {
+			get;
+		}
+
+		public override bool ServerMode => true;
+
+		public MonoSslServerAuthenticationOptions (SslServerAuthenticationOptions options)
+		{
+			Options = options;
+		}
+
+		public MonoSslServerAuthenticationOptions ()
+		{
+			Options = new SslServerAuthenticationOptions ();
+		}
+
+		public override bool AllowRenegotiation {
+			get => Options.AllowRenegotiation;
+			set => Options.AllowRenegotiation = value;
+		}
+
+		public override RemoteCertificateValidationCallback RemoteCertificateValidationCallback {
+			get => Options.RemoteCertificateValidationCallback;
+			set => Options.RemoteCertificateValidationCallback = value;
+		}
+
+
+		public override X509RevocationMode CertificateRevocationCheckMode {
+			get => Options.CertificateRevocationCheckMode;
+			set => Options.CertificateRevocationCheckMode = value;
+		}
+
+		public override EncryptionPolicy EncryptionPolicy {
+			get => Options.EncryptionPolicy;
+			set => Options.EncryptionPolicy = value;
+		}
+
+		public override SslProtocols EnabledSslProtocols {
+			get => Options.EnabledSslProtocols;
+			set => Options.EnabledSslProtocols = value;
+		}
+
+		public override bool ClientCertificateRequired {
+			get => Options.ClientCertificateRequired;
+			set => Options.ClientCertificateRequired = value;
+		}
+
+		public ServerCertificateSelectionCallback ServerCertificateSelectionCallback {
+			get => Options.ServerCertificateSelectionCallback;
+			set => Options.ServerCertificateSelectionCallback = value;
+		}
+
+		MonoServerCertificateSelectionCallback IMonoSslServerAuthenticationOptions.ServerCertificateSelectionCallback {
+			get => Private.CallbackHelpers.PublicToMono (ServerCertificateSelectionCallback);
+			set => ServerCertificateSelectionCallback = Private.CallbackHelpers.MonoToPublic (value);
+		}
+
+		public override string TargetHost {
+			get => throw new NotSupportedException ();
+			set => throw new NotSupportedException ();
+		}
+
+		public override X509Certificate ServerCertificate {
+			get => Options.ServerCertificate;
+			set => Options.ServerCertificate = value;
+		}
+
+		public override X509CertificateCollection ClientCertificates {
+			get => throw new NotSupportedException ();
+			set => throw new NotSupportedException ();
+		}
+	}
+}

mcs/class/System/ReferenceSources/SR2.cs

@@ -15,4 +15,8 @@ partial class SR
 	public const string net_log_set_socketoption_reuseport_default_on = "net_log_set_socketoption_reuseport_default_on";
 	public const string net_log_set_socketoption_reuseport_not_supported = "net_log_set_socketoption_reuseport_not_supported";
 	public const string net_log_set_socketoption_reuseport = "net_log_set_socketoption_reuseport";
+
+	public const string net_ssl_app_protocols_invalid = "The application protocol list is invalid.";
+	public const string net_ssl_app_protocol_invalid = "The application protocol value is invalid.";
+	public const string net_conflicting_options = "The '{0}' option was already set in the SslStream constructor.";
 }

mcs/class/System/System.Net.Security/SslStream.cs

@@ -56,9 +56,10 @@ using MNS = Mono.Net.Security;
 
 namespace System.Net.Security
 {
+	public delegate X509Certificate ServerCertificateSelectionCallback (object sender, string hostName);
+
 	/*
-	 * These two are defined by the referencesource; add them heere to make
-	 * it easy to switch between the two implementations.
+	 * Internal delegates from the referencesource / corefx.
 	 */
 
 	internal delegate bool RemoteCertValidationCallback (
@@ -73,10 +74,15 @@ namespace System.Net.Security
 		X509Certificate remoteCertificate,
 		string[] acceptableIssuers);
 
+	internal delegate X509Certificate ServerCertSelectionCallback (string hostName);
+
 	public class SslStream : AuthenticatedStream
 	{
 #if SECURITY_DEP
 		MonoTlsProvider provider;
+		MonoTlsSettings settings;
+		RemoteCertificateValidationCallback validationCallback;
+		LocalCertificateSelectionCallback selectionCallback;
 		IMonoSslStream impl;
 
 		internal IMonoSslStream Impl {
@@ -86,6 +92,8 @@ namespace System.Net.Security
 			}
 		}
 
+		IMonoSslStream2 Impl2 => (IMonoSslStream2)Impl;
+
 		internal MonoTlsProvider Provider {
 			get {
 				CheckDisposed ();
@@ -107,7 +115,8 @@ namespace System.Net.Security
 			: base (innerStream, leaveInnerStreamOpen)
 		{
 			provider = GetProvider ();
-			impl = provider.CreateSslStreamInternal (this, innerStream, leaveInnerStreamOpen, null);
+			settings = MonoTlsSettings.CopyDefaultSettings ();
+			impl = provider.CreateSslStreamInternal (this, innerStream, leaveInnerStreamOpen, settings);
 		}
 
 		public SslStream (Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback)
@@ -119,15 +128,15 @@ namespace System.Net.Security
 			: base (innerStream, leaveInnerStreamOpen)
 		{
 			provider = GetProvider ();
-			var settings = MonoTlsSettings.CopyDefaultSettings ();
-			settings.RemoteCertificateValidationCallback = MNS.Private.CallbackHelpers.PublicToMono (userCertificateValidationCallback);
-			settings.ClientCertificateSelectionCallback = MNS.Private.CallbackHelpers.PublicToMono (userCertificateSelectionCallback);
+			settings = MonoTlsSettings.CopyDefaultSettings ();
+			SetAndVerifyValidationCallback (userCertificateValidationCallback);
+			SetAndVerifySelectionCallback (userCertificateSelectionCallback);
 			impl = provider.CreateSslStream (innerStream, leaveInnerStreamOpen, settings);
 		}
 
 		[MonoLimitation ("encryptionPolicy is ignored")]
 		public SslStream (Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback, LocalCertificateSelectionCallback userCertificateSelectionCallback, EncryptionPolicy encryptionPolicy)
-		: this (innerStream, leaveInnerStreamOpen, userCertificateValidationCallback, userCertificateSelectionCallback)
+			: this (innerStream, leaveInnerStreamOpen, userCertificateValidationCallback, userCertificateSelectionCallback)
 		{
 		}
 
@@ -135,6 +144,7 @@ namespace System.Net.Security
 			: base (innerStream, leaveInnerStreamOpen)
 		{
 			this.provider = provider;
+			this.settings = settings.Clone ();
 			impl = provider.CreateSslStreamInternal (this, innerStream, leaveInnerStreamOpen, settings);
 		}
 
@@ -144,23 +154,51 @@ namespace System.Net.Security
 			return sslStream.Impl;
 		}
 
+		void SetAndVerifyValidationCallback (RemoteCertificateValidationCallback callback)
+		{
+			if (validationCallback == null) {
+				validationCallback = callback;
+				settings.RemoteCertificateValidationCallback = MNS.Private.CallbackHelpers.PublicToMono (callback);
+			} else if (callback != null && validationCallback != callback) {
+				throw new InvalidOperationException (SR.Format (SR.net_conflicting_options, nameof (RemoteCertificateValidationCallback)));
+			}
+		}
+
+		void SetAndVerifySelectionCallback (LocalCertificateSelectionCallback callback)
+		{
+			if (selectionCallback == null) {
+				selectionCallback = callback;
+				settings.ClientCertificateSelectionCallback = MNS.Private.CallbackHelpers.PublicToMono (callback);
+			} else if (callback != null && selectionCallback != callback) {
+				throw new InvalidOperationException (SR.Format (SR.net_conflicting_options, nameof (LocalCertificateSelectionCallback)));
+			}
+		}
+
 		public virtual void AuthenticateAsClient (string targetHost)
 		{
 			Impl.AuthenticateAsClient (targetHost);
 		}
 
+		public virtual void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
+		{
+			Impl.AuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
+		}
+
 		public virtual void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
 			Impl.AuthenticateAsClient (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation);
 		}
 
-		// [HostProtection (ExternalThreading=true)]
 		public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, AsyncCallback asyncCallback, object asyncState)
 		{
 			return Impl.BeginAuthenticateAsClient (targetHost, asyncCallback, asyncState);
 		}
 
-		// [HostProtection (ExternalThreading=true)]
+		public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
+		{
+			return Impl.BeginAuthenticateAsClient (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
+		}
+
 		public virtual IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
 		{
 			return Impl.BeginAuthenticateAsClient (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation, asyncCallback, asyncState);
@@ -176,17 +214,26 @@ namespace System.Net.Security
 			Impl.AuthenticateAsServer (serverCertificate);
 		}
 
+		public virtual void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
+		{
+			Impl.AuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
+		}
+
 		public virtual void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
 			Impl.AuthenticateAsServer (serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation);
 		}
 
-		// [HostProtection (ExternalThreading=true)]
 		public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, AsyncCallback asyncCallback, object asyncState)
 		{
 			return Impl.BeginAuthenticateAsServer (serverCertificate, asyncCallback, asyncState);
 		}
 
+		public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
+		{
+			return Impl.BeginAuthenticateAsServer (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation, asyncCallback, asyncState);
+		}
+
 		public virtual IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState)
 		{
 			return Impl.BeginAuthenticateAsServer (serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation, asyncCallback, asyncState);
@@ -197,33 +244,50 @@ namespace System.Net.Security
 			Impl.EndAuthenticateAsServer (asyncResult);
 		}
 
-		public TransportContext TransportContext {
-			get {
-				throw new NotSupportedException();
-			}
-		}
+		public TransportContext TransportContext => null;
 
-		// [HostProtection (ExternalThreading=true)]
 		public virtual Task AuthenticateAsClientAsync (string targetHost)
 		{
 			return Impl.AuthenticateAsClientAsync (targetHost);
 		}
 
+		public virtual Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation)
+		{
+			return Impl.AuthenticateAsClientAsync (targetHost, clientCertificates, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
+		}
+
 		public virtual Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
 			return Impl.AuthenticateAsClientAsync (targetHost, clientCertificates, enabledSslProtocols, checkCertificateRevocation);
 		}
 
+		public Task AuthenticateAsClientAsync (SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken)
+		{
+			SetAndVerifyValidationCallback (sslClientAuthenticationOptions.RemoteCertificateValidationCallback);
+			SetAndVerifySelectionCallback (sslClientAuthenticationOptions.LocalCertificateSelectionCallback);
+			return Impl2.AuthenticateAsClientAsync (new MNS.MonoSslClientAuthenticationOptions (sslClientAuthenticationOptions), cancellationToken);
+		}
+
 		public virtual Task AuthenticateAsServerAsync (X509Certificate serverCertificate)
 		{
 			return Impl.AuthenticateAsServerAsync (serverCertificate);
 		}
 
+		public virtual Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, bool checkCertificateRevocation)
+		{
+			return Impl.AuthenticateAsServerAsync (serverCertificate, clientCertificateRequired, SecurityProtocol.SystemDefaultSecurityProtocols, checkCertificateRevocation);
+		}
+
 		public virtual Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation)
 		{
 			return Impl.AuthenticateAsServerAsync (serverCertificate, clientCertificateRequired, enabledSslProtocols, checkCertificateRevocation);
 		}
 
+		public Task AuthenticateAsServerAsync (SslServerAuthenticationOptions sslServerAuthenticationOptions, CancellationToken cancellationToken)
+		{
+			return Impl2.AuthenticateAsServerAsync (new MNS.MonoSslServerAuthenticationOptions (sslServerAuthenticationOptions), cancellationToken);
+		}
+
 		public virtual Task ShutdownAsync ()
 		{
 			return Impl.ShutdownAsync ();

mcs/class/System/System.csproj

@@ -1017,6 +1017,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.Unix.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.CodeDom\src\Microsoft\CSharp\CSharpCodeGenerator.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.CodeDom\src\Microsoft\CSharp\CSharpCodeProvider.cs" />
@@ -1138,6 +1139,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\CompiledRegexRunner.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\CompiledRegexRunnerFactory.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\RegexCompiler.cs" />
@@ -1207,6 +1212,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />
@@ -1445,6 +1453,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.Unix.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.IO.FileSystem.Watcher\src\System\IO\FileSystemWatcher.UnknownUnix.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.HttpListener\src\System\Net\WebSockets\HttpListenerWebSocketContext.cs" />
@@ -1454,6 +1463,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\CompiledRegexRunner.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\CompiledRegexRunnerFactory.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\RegexCompiler.cs" />
@@ -1470,6 +1483,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />
@@ -1518,6 +1534,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.Unix.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.IO.FileSystem.Watcher\src\System\IO\FileSystemWatcher.UnknownUnix.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.HttpListener\src\System\Net\WebSockets\HttpListenerWebSocketContext.cs" />
@@ -1527,6 +1544,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPClient.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPListener.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\UDPClient.cs" />
@@ -1538,6 +1559,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />
@@ -1585,6 +1609,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.Unix.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.IO.FileSystem.Watcher\src\System\IO\FileSystemWatcher.UnknownUnix.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.HttpListener\src\System\Net\WebSockets\HttpListenerWebSocketContext.cs" />
@@ -1594,6 +1619,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPClient.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPListener.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\UDPClient.cs" />
@@ -1605,6 +1634,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />
@@ -1706,6 +1738,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.Unix.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.IO.FileSystem.Watcher\src\System\IO\FileSystemWatcher.UnknownUnix.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.HttpListener\src\System\Net\WebSockets\HttpListenerWebSocketContext.cs" />
@@ -1715,6 +1748,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPClient.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPListener.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\UDPClient.cs" />
@@ -1726,6 +1763,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />
@@ -1773,6 +1813,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.Unix.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.IO.FileSystem.Watcher\src\System\IO\FileSystemWatcher.UnknownUnix.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.HttpListener\src\System\Net\WebSockets\HttpListenerWebSocketContext.cs" />
@@ -1782,6 +1823,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPClient.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPListener.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\UDPClient.cs" />
@@ -1793,6 +1838,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />
@@ -1840,6 +1888,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.Unix.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.IO.FileSystem.Watcher\src\System\IO\FileSystemWatcher.UnknownUnix.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.HttpListener\src\System\Net\WebSockets\HttpListenerWebSocketContext.cs" />
@@ -1849,6 +1898,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\CompiledRegexRunner.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\CompiledRegexRunnerFactory.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\RegexCompiler.cs" />
@@ -1864,6 +1917,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />
@@ -1911,6 +1967,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.Unix.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.IO.FileSystem.Watcher\src\System\IO\FileSystemWatcher.UnknownUnix.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.HttpListener\src\System\Net\WebSockets\HttpListenerWebSocketContext.cs" />
@@ -1920,6 +1977,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPClient.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPListener.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\UDPClient.cs" />
@@ -1931,6 +1992,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />
@@ -1978,6 +2042,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.Unix.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.IO.FileSystem.Watcher\src\System\IO\FileSystemWatcher.UnknownUnix.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.HttpListener\src\System\Net\WebSockets\HttpListenerWebSocketContext.cs" />
@@ -1987,6 +2052,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPClient.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPListener.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\UDPClient.cs" />
@@ -1998,6 +2067,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />
@@ -2045,6 +2117,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.Unix.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.IO.FileSystem.Watcher\src\System\IO\FileSystemWatcher.UnknownUnix.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.HttpListener\src\System\Net\WebSockets\HttpListenerWebSocketContext.cs" />
@@ -2054,6 +2127,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\CompiledRegexRunner.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\CompiledRegexRunnerFactory.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\RegexCompiler.cs" />
@@ -2069,6 +2146,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />
@@ -2132,6 +2212,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.OSX.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.CodeDom\src\Microsoft\CSharp\CSharpCodeGenerator.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.CodeDom\src\Microsoft\CSharp\CSharpCodeProvider.cs" />
@@ -2253,6 +2334,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\CompiledRegexRunner.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\CompiledRegexRunnerFactory.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\RegexCompiler.cs" />
@@ -2322,6 +2407,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />
@@ -2560,6 +2648,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.Unix.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.IO.FileSystem.Watcher\src\System\IO\FileSystemWatcher.UnknownUnix.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.HttpListener\src\System\Net\WebSockets\HttpListenerWebSocketContext.cs" />
@@ -2569,6 +2658,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPClient.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPListener.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\UDPClient.cs" />
@@ -2580,6 +2673,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />
@@ -2625,6 +2721,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.Unix.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.IO.FileSystem.Watcher\src\System\IO\FileSystemWatcher.UnknownUnix.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.HttpListener\src\System\Net\WebSockets\HttpListenerWebSocketContext.cs" />
@@ -2634,6 +2731,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\CompiledRegexRunner.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\CompiledRegexRunnerFactory.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Text.RegularExpressions\src\System\Text\RegularExpressions\RegexCompiler.cs" />
@@ -2649,6 +2750,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />
@@ -2696,6 +2800,7 @@
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\ContextAwareResult.Unix.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\HttpValidationHelpers.cs" />
+    <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\Security\SslClientAuthenticationOptionsExtensions.cs" />
     <Compile Include="..\..\..\external\corefx\src\Common\src\System\Net\TlsStream.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.IO.FileSystem.Watcher\src\System\IO\FileSystemWatcher.UnknownUnix.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.HttpListener\src\System\Net\WebSockets\HttpListenerWebSocketContext.cs" />
@@ -2705,6 +2810,10 @@
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebRequest.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\FtpWebResponse.cs" />
     <Compile Include="..\..\..\external\corefx\src\System.Net.Requests\src\System\Net\NetworkStreamWrapper.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslApplicationProtocol.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslClientAuthenticationOptions.cs" />
+    <Compile Include="..\..\..\external\corefx\src\System.Net.Security\src\System\Net\Security\SslServerAuthenticationOptions.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPClient.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\TCPListener.cs" />
     <Compile Include="..\referencesource\System\net\System\Net\Sockets\UDPClient.cs" />
@@ -2716,6 +2825,9 @@
     <Compile Include="Mono.Net.Security\LegacyTlsProvider.cs" />
     <Compile Include="Mono.Net.Security\MobileAuthenticatedStream.cs" />
     <Compile Include="Mono.Net.Security\MobileTlsContext.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslClientAuthenticationOptions.cs" />
+    <Compile Include="Mono.Net.Security\MonoSslServerAuthenticationOptions.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsProviderFactory.cs" />
     <Compile Include="Mono.Net.Security\MonoTlsStream.cs" />
     <Compile Include="Mono.Net.Security\NoReflectionHelper.cs" />

mcs/class/System/common_networking.sources

@@ -8,6 +8,9 @@ Mono.Net.Security/LegacySslStream.cs
 Mono.Net.Security/LegacyTlsProvider.cs
 Mono.Net.Security/MobileAuthenticatedStream.cs
 Mono.Net.Security/MobileTlsContext.cs
+Mono.Net.Security/MonoSslAuthenticationOptions.cs
+Mono.Net.Security/MonoSslClientAuthenticationOptions.cs
+Mono.Net.Security/MonoSslServerAuthenticationOptions.cs
 Mono.Net.Security/MonoTlsProviderFactory.cs
 Mono.Net.Security/MonoTlsStream.cs
 Mono.Net.Security/NoReflectionHelper.cs
@@ -66,3 +69,9 @@ System.Net/FixedSizeReadStream.cs
 
 ../../../external/corefx/src/Common/src/System/Net/HttpValidationHelpers.cs
 ../../../external/corefx/src/System.Net.HttpListener/src/System/Net/WebSockets/HttpListenerWebSocketContext.cs
+
+../../../external/corefx/src/Common/src/System/Net/Security/SslClientAuthenticationOptionsExtensions.cs
+../../../external/corefx/src/System.Net.Security/src/System/Net/Security/SslClientAuthenticationOptions.cs
+../../../external/corefx/src/System.Net.Security/src/System/Net/Security/SslServerAuthenticationOptions.cs
+../../../external/corefx/src/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs
+../../../external/corefx/src/System.Net.Security/src/System/Net/Security/SslApplicationProtocol.cs