I’ve updated my previous post “The many flavors of HttpClient” with current information on everything you need to know about HttpClient on Xamarin.
The many flavors of HttpClient
HttpClientHandler
When using Xamarin, you can use the standard .NET HttpClient. By default, HttpClient is Mono’s complete reimplementation of the entire HTTP stack. It is sufficient for many use cases, but there are alternatives that can be selected by choosing a different HttpClientHandler. For my Evolve talk, I put together an overview of the different HttpClientHandlers you can use:
CFNetworkHandler (iOS 6+) and the new NSUrlSessionHandler (iOS 7+, starting with Xamarin.iOS 9.8) are the handlers that utilize Apple’s native APIs instead of the Mono implementation. You can define which handler the HttpClient default constructor will use either in the IDE or by providing an argument to mtouch (e.g., --http-message-handler=NSUrlSessionHandler).
For Android, there is now AndroidClientHandler (starting with Xamarin.Android 6.1). There is no IDE option for defining the default handler yet, but you can define it by using the @(AndroidEnvironment) build action on a text file in your Android project to set the environment variable XA_HTTP_CLIENT_HANDLER_TYPE to the value Xamarin.Android.Net.AndroidClientHandler.
Alternatively, you can use ModernHttpClient by handing a NativeMessageHandler to the HttpClient constructor, which will also use native implementations for making HTTP calls.
SSL/TLS
The default Mono implementation does not support the newest (and most secure) TLS standard 1.2 while the native handlers do. To use TLS 1.2 with the Mono implementation, Xamarin.iOS 9.8 introduced the option to swap the TLS implementation with P/Invoke calls into Apple’s TLS implementation. This can be selected either in the IDE or by adding the --tls-provider=appletls option to mtouch’s options.
For Android, there is no such option, but it is expected that BoringSSL support will be added soon.
Here’s the summary slide I showed in my talk:
Xamarin have actually gone through the trouble of reimplementing the TLS code to support TLS 1.1 and 1.2. However, it is expected that it will be abandoned because of security considerations in favor of the native platform implementations, just as Microsoft has done for Windows.
Update (2017-02-15)
Here’s an update on the current state of HttpClient:
- You can now specify that you want to use AndroidClientHandler in your Android project’s properties page, just as you already could for iOS.
- As expected, Xamarin have added TLS 1.2 support to the Mono (non-native) HttpClientHandler by incorporating Google’s BoringSSL into their codebase. For Android, this option is also selectable in your project’s properties page. BoringSSL also brings TLS 1.2 to the Unix/Linux implementations of Mono.
- Contrary to my previous knowledge, ModernHttpClient does support certificate pinning using ServicePointManager. Thomas Bandt wrote an excellent blog post on how to get certificate pinning working with ModernHttpClient and even AndroidClientHandler.
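A sketch of the ServicePointManager pinning approach mentioned in the last item, as an added example (not code from this post, from Thomas Bandt's post or from ModernHttpClient itself). The host api.example.com and the pin value are placeholders, and it assumes the handler passes either the host name or an HttpWebRequest as the callback's sender.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using ModernHttpClient;

public static class PinnedHttp
{
    // Hypothetical host and placeholder pin: SHA-256 of the server's DER-encoded
    // leaf certificate, upper-case hex. Replace both with your own values.
    static readonly Dictionary<string, HashSet<string>> Pins =
        new Dictionary<string, HashSet<string>>(StringComparer.OrdinalIgnoreCase)
        {
            { "api.example.com", new HashSet<string> { "<SHA256-OF-LEAF-CERT-HEX>" } },
        };

    public static HttpClient Create()
    {
        // Process-wide hook: every stack that consults ServicePointManager runs this.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
        return new HttpClient(new NativeMessageHandler());
    }

    static bool Validate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        // Pinning is layered on top of normal validation, never a replacement for it.
        if (errors != SslPolicyErrors.None || cert == null)
            return false;

        // Assumption: sender is the host name string or an HttpWebRequest.
        var host = sender as string ?? (sender as HttpWebRequest)?.RequestUri.Host;
        if (host == null)
            return false; // fail closed if the host cannot be determined

        HashSet<string> allowed;
        if (!Pins.TryGetValue(host, out allowed))
            return true; // unpinned host: platform validation already passed

        using (var sha = SHA256.Create())
        {
            // Compare the presented certificate's SHA-256 against the pinned set.
            var hex = BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
            return allowed.Contains(hex);
        }
    }
}
```

Because the pin is on the leaf certificate, it changes whenever the certificate is renewed, so ship at least one backup pin alongside the current one.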
And here’s the updated matrix: