@@ -75,12 +75,12 @@ public SslOption()
7575 }
7676
7777 /// <summary>
78- /// Retrieve or set the set of TLS policy errors that are deemed acceptable.
78+ /// Retrieve or set the set of TLS policy (peer verification) errors that are deemed acceptable.
7979 /// </summary>
8080 public SslPolicyErrors AcceptablePolicyErrors { get ; set ; }
8181
8282 /// <summary>
83- /// Retrieve or set the path to client certificate.
83+ /// Retrieve or set the client certificate passphrase .
8484 /// </summary>
8585 public string CertPassphrase { get ; set ; }
8686
@@ -90,15 +90,15 @@ public SslOption()
9090 public string CertPath { get ; set ; }
9191
9292 /// <summary>
93- /// An optional client specified TLS certificate selection callback. If this is not specified,
93+ /// An optional client TLS certificate selection callback. If this is not specified,
9494 /// the first valid certificate found will be used.
9595 /// </summary>
9696 public LocalCertificateSelectionCallback CertificateSelectionCallback { get ; set ; }
9797
9898 /// <summary>
99- /// An optional client specified TLS certificate validation callback. If this is not specified,
99+ /// An optional peer verification ( TLS certificate validation) callback. If this is not specified,
100100 /// the default callback will be used in conjunction with the <see cref="AcceptablePolicyErrors"/> property to
101- /// determine if the remote server certificate is valid.
101+ /// determine if the peer's ( server's) certificate should be considered valid (acceptable) .
102102 /// </summary>
103103 public RemoteCertificateValidationCallback CertificateValidationCallback { get ; set ; }
104104
@@ -128,25 +128,37 @@ public X509CertificateCollection Certs
128128 }
129129
130130 /// <summary>
131- /// Attempts to check certificate revocation status. Default is false. True if peer certificate should be
132- /// checked for revocation, false otherwise .
131+ /// Attempts to check certificate revocation status. Default is false.
132+ /// Set to true to check peer certificate for revocation .
133133 /// </summary>
134- /// <remarks>Uses the built-in .NET mechanics for checking a certificate against CRLs.</remarks>
134+ /// <remarks>
135+ /// Uses the built-in .NET TLS implementation machinery for checking a certificate against
136+ /// certificate revocation lists.
137+ /// </remarks>
135138 public bool CheckCertificateRevocation { get ; set ; }
136139
137140 /// <summary>
138- /// Flag specifying if TLS should indeed be used.
141+ /// Controls if TLS should indeed be used. Set to false to disable TLS
142+ /// on the connection.
139143 /// </summary>
140144 public bool Enabled { get ; set ; }
141145
142146 /// <summary>
143- /// Retrieve or set server's Canonical Name.
144- /// This MUST match the Subject Alternative Name or CN on the Certificate else the TLS connection will fail.
147+ /// Retrieve or set server's expected name.
148+ /// This MUST match the Subject Alternative Name (SAN) or CN on the peer's (server's) leaf certificate,
149+ /// otherwise the TLS connection will fail.
145150 /// </summary>
146151 public string ServerName { get ; set ; }
147152
148153 /// <summary>
149- /// Retrieve or set the Ssl protocol version.
154+ /// Retrieve or set the TLS protocol version.
155+ /// The client will let the OS pick a suitable version by using <see cref="SslProtocols.None" />.
156+ /// If this option is disabled, e.g.see via app context, the client will attempt to fall back
157+ /// to TLSv1.2 (<see cref="SslProtocols.Tls12" />).
158+ /// <see cref="System.Security.Authentication.SslProtocols" />
159+ /// <see href="https://www.rabbitmq.com/ssl.html#dotnet-client" />
160+ /// <see href="https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls?view=netframework-4.6.2" />
161+ /// <see href="https://docs.microsoft.com/en-us/dotnet/api/system.security.authentication.sslprotocols?view=netframework-4.8" />
150162 /// </summary>
151163 public SslProtocols Version { get ; set ; }
152164
0 commit comments