As discussed before, Windows Phone Mango brought socket support to Windows Phone app developers. Unfortunately, the platform doesn’t provide secure sockets (SSL sockets) out of the box. Many applications nowadays require SSL sockets; for example, many IRC servers only allow secure socket connections.


Fortunately, it is possible to get SSL socket support on Windows Phone with the help of an excellent OSS library, “Bouncy Castle”. Bouncy Castle isn’t officially available for Windows Phone, but it’s possible to modify the code so that the parts required for SSL socket support are available.

I have modified the code and packaged it with the SocketEx library I blogged about a little while ago. Here’s an example of how to open an SSL socket using SocketEx:

        private SecureTcpClient CreateConnection()
        {
            // Opens a TLS-protected connection to the server
            var connection = new SecureTcpClient(serverAddress, serverPort);

            return connection;
        }

The SecureTcpClient inherits from the TcpClient so you should be able to just replace the TcpClient where needed.

Advanced usage

The SecureTcpClient works as a wrapper around the TcpClient and Bouncy Castle. If more control is needed, you can create a normal connection through TcpClient and then “elevate” it to secure:

            var connection = new TcpClient("server", 443);

            var handler = new TlsProtocolHandler(connection.GetStream());
            handler.Connect(new LegacyTlsClient(new AlwaysValidVerifyer()));

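This way it’s possible, for example, to add validation of the certificate the server sends. Note that AlwaysValidVerifyer, as used above, accepts whatever certificate the server presents, so the server's identity is not actually checked until you supply your own verifier. Another option is to pass the TlsClient to the SecureTcpClient: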

            var tlsClient = new LegacyTlsClient(new AlwaysValidVerifyer());
            var connection = new SecureTcpClient(serverAddress, serverPort, tlsClient);
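
The text above mentions adding validation of the certificate the server sends. As an added example (not code from SocketEx or from this post), here is one way to do that: a verifier that pins the server's public key. It assumes the packaged Bouncy Castle keeps the stock ICertificateVerifyer interface and the Sha256Digest, Hex and Arrays helpers; PinnedKeyVerifyer and the pin value are hypothetical.

```csharp
using System;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Tls;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.Utilities.Encoders;

// Hypothetical verifier (not part of SocketEx): accepts the server only if its
// leaf certificate is within its validity period and carries a pinned public key.
public class PinnedKeyVerifyer : ICertificateVerifyer
{
    private readonly byte[][] pins; // SHA-256 hashes of the expected SubjectPublicKeyInfo

    public PinnedKeyVerifyer(params string[] spkiSha256Hex)
    {
        if (spkiSha256Hex == null || spkiSha256Hex.Length == 0)
            throw new ArgumentException("At least one pin is required.");
        pins = new byte[spkiSha256Hex.Length][];
        for (int i = 0; i < pins.Length; i++)
            pins[i] = Hex.Decode(spkiSha256Hex[i]);
    }

    public bool IsValid(X509CertificateStructure[] certs)
    {
        if (certs == null || certs.Length == 0)
            return false; // fail closed when no certificate was sent

        X509CertificateStructure leaf = certs[0]; // the server's own certificate comes first
        DateTime now = DateTime.UtcNow;
        if (now < leaf.StartDate.ToDateTime() || now > leaf.EndDate.ToDateTime())
            return false; // not yet valid, or expired

        byte[] spki = leaf.SubjectPublicKeyInfo.GetDerEncoded();
        var sha256 = new Sha256Digest();
        sha256.BlockUpdate(spki, 0, spki.Length);
        byte[] hash = new byte[sha256.GetDigestSize()];
        sha256.DoFinal(hash, 0);

        foreach (byte[] pin in pins)
            if (Arrays.AreEqual(pin, hash))
                return true;
        return false; // key does not match any pin
    }
}

// Usage, with a placeholder pin:
// var tlsClient = new LegacyTlsClient(new PinnedKeyVerifyer("<hex SHA-256 of the server's SubjectPublicKeyInfo>"));
// var connection = new SecureTcpClient(serverAddress, serverPort, tlsClient);
```

In stock Bouncy Castle, LegacyTlsClient aborts the handshake with a fatal alert when IsValid returns false, so a mismatching key never reaches application code.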

Supported protocols

SecureTcpClient supports the TLS 1.0 (“SSL 3.1”) protocol. The following cipher suites are supported:


The client supports the simple TLS handshake, where the server but not the client is authenticated. With some work it should be possible to add SSL 3.0 support to Bouncy Castle, but TLS should be enough in most situations.

Sample and source code

The source code for SocketEx is available from GitHub. It comes with two examples: one for TcpClient and one for SecureTcpClient.


SocketEx.SecureTcpClient is also available from NuGet as the package SocketEx.SSL.


Comment by John

So what about the certificate?

Comment by John

Sorry for my short comment....
Is there a way to consume a web service with SSL without having one of the built-in/installed certificates on the server side?

Comment by John

Do you have any sample using this from a Windows Phone Project?

Comment by Ruslan

I'm using Bouncy Castle to decrypt a message from the server, RSA-encrypted with a 1024-bit key. I have the key in a PEM file. When I try to read the PEM file with Org.BouncyCastle.OpenSsl.PemReader.ReadObject(), it throws a TypeInitializationException. Help, I can't understand what I'm doing wrong.

Comment by Vyacheslav

Thanks for the library. But how do I get all the page content from the server? Now I can only get headers, like in the sample. Thank you.

Comment by David

Thanks for the library, awesome work :)

I would like to use your fantastic SocketEx.SSL library to connect to an SMTP server with TLS encryption. How can I implement the TLS "switch" after sending the STARTTLS command?

In WinRT, with the StreamSocket class, I call the dedicated "UpgradeToSslAsync()" method. How can I obtain the same result with SocketEx?

Thank you very much for your support!!!!
Best Regards,

Comment by Mikael Koskinen

Hi David,

I think you should be able to use the method shown in the "Advanced usage" chapter, where a connection is first created using TcpClient and then upgraded to secure:

var connection = new TcpClient("server", 443);
var handler = new TlsProtocolHandler(connection.GetStream());
handler.Connect(new LegacyTlsClient(new AlwaysValidVerifyer()));