Share via

Multiple HTTPs Requests

S Abijith 466 Reputation points
2024-12-20T07:04:45.51+00:00

Hello All,

We have a WPF application built on .Net Framework 4.8. This application communicates with an HTTPs server to perform a list of commands. These commands must be executed one after another and must not be sent in on go.

This communication is currently using 'Session Resumption' technique.

But now, we have a new requirement which is as below:

  • 'Session Resumption' must be forbidden.
  • Full handshake must be performed only once at the beginning of the connection (only for first command).
  • Subsequent full handshakes must be forbidden.

Is there any way that the above mentioned requirement can be satisfied? Please let us know.

Any help is appreciated!

Thank you in advance!!

Windows Presentation Foundation
Windows Presentation Foundation
A part of the .NET Framework that provides a unified programming model for building line-of-business desktop applications on Windows.
2,806 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
11,159 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jiale Xue - MSFT 48,441 Reputation points Microsoft Vendor
    2024-12-20T13:06:05.1566667+00:00

    Hi @S Abijith , Welcome to Microsoft Q&A,

    You can control session resumption by ensuring that TLS sessions are not cached. In .NET Framework 4.8, you can use ServicePointManager or HttpClientHandler to configure the connection behavior.

    Disable session caching by overriding the ServicePointManager setting.

    Use SslProtocols to specify only TLS protocols that do not have a session resumption mechanism (for example, TLS 1.2 or 1.3).

    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.CheckCertificateRevocationList = true;

    To ensure the full handshake only happens once:

    • Use HttpClient or HttpWebRequest to establish a connection with the server and perform a single HTTPS request.
    • The first request will perform a full handshake as part of establishing the TLS connection.

    Enable persistent connections to reuse the same TLS session for subsequent requests without re-establishing the handshake:

    • Make sure you include the Connection: Keep-Alive header in your request.
    • Use the same HttpClient instance for all subsequent requests to the server. This will reuse the established connection.
    var handler = new HttpClientHandler
{
    UseCookies = false,
    SslProtocols = System.Security.Authentication.SslProtocols.Tls12
};
var client = new HttpClient(handler)
{
    Timeout = TimeSpan.FromSeconds(100)
};
client.DefaultRequestHeaders.Connection.Add("Keep-Alive");

    Once a TLS session is established:

    • Do not explicitly close the connection.
    • Reuse the same connection for all subsequent commands.
    • Use ServicePoint to monitor the connection state to ensure it remains open:
    ServicePoint sp = ServicePointManager.FindServicePoint(new Uri("https://yourserver.com"));
sp.ConnectionLeaseTimeout = -1; // Keep connection alive indefinitely
sp.MaxIdleTime = 100000; // Set idle timeout

    Best Regards,

    Jiale

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.