Adding documentation for new CipherSuitesPolicy, SslStream.NegotiatedCipherSuite and TlsCipherSuites (#2822)

jozkee · Ron Petrusha · Ron Petrusha · commit dc0d8831ff11 · 2019-08-07T18:06:55.000Z
* Adding documentation for new CipherSuitesPolicy, SslStream.NegotiatedCipherSuite and TlsCipherSuite.

* Apply suggestions from code review

* Adding some changes of my own as well.

Co-Authored-By: Maira Wenzel &lt;mairaw@microsoft.com&gt;
Co-Authored-By: Jeremy Barton &lt;jbarton@microsoft.com&gt;

* Apply suggestions from code review

Co-Authored-By: Ron Petrusha &lt;ronpet@microsoft.com&gt;
diff --git a/xml/System.Net.Security/CipherSuitesPolicy.xml b/xml/System.Net.Security/CipherSuitesPolicy.xml
@@ -39,9 +39,21 @@
         <Parameter Name="allowedCipherSuites" Type="System.Collections.Generic.IEnumerable&lt;System.Net.Security.TlsCipherSuite&gt;" />
       </Parameters>
       <Docs>
-        <param name="allowedCipherSuites">To be added.</param>
-        <summary>To be added.</summary>
-        <remarks>To be added.</remarks>
+        <param name="allowedCipherSuites">The collection of cipher suites allowed in this policy for negotiation.</param>
+        <summary>Initializes a new instance of the <see cref="T:System.Net.Security.CipherSuitesPolicy" /> class that can be used for client or server authentication.</summary>
+        <remarks>
+          <format type="text/markdown"><![CDATA[  
+> [!NOTE]
+> Defining a cipher suite policy on <xref:System.Net.Security.SslStream> authentication will prevent the OS from deciding which are the best cipher suites to negotiate with and requires that you manually check and update this code. We strongly recommend that you avoid using this feature and rely on your constantly updated OS policy.
+
+## Remarks
+
+Unlike the operating system's underlying SSL/TLS implementation, the order of the <xref:System.Net.Security.TlsCipherSuite> elements in `allowedCipherSuites` doesn't guarantee their priority in client-server negotiation. You can only initialize an instance of this class if you're using Linux systems with OpenSSL 1.1.1 or higher or macOS.
+
+
+ ]]></format>
+        </remarks>
+        <exception cref="T:System.PlatformNotSupportedException">Platform is not a Linux system with OpenSSL 1.1.1 or higher or a macOS.</exception>
       </Docs>
     </Member>
     <Member MemberName="AllowedCipherSuites">
@@ -65,10 +77,21 @@
         <ReturnType>System.Collections.Generic.IEnumerable&lt;System.Net.Security.TlsCipherSuite&gt;</ReturnType>
       </ReturnValue>
       <Docs>
-        <summary>To be added.</summary>
-        <value>To be added.</value>
-        <remarks>To be added.</remarks>
+        <summary>Gets a subset of valid cipher suites passed into <see cref="M:System.Net.Security.CipherSuitesPolicy.#ctor(System.Collections.Generic.IEnumerable{System.Net.Security.TlsCipherSuite})" /> constructor as a collection of cipher suites allowed in this policy for negotiation.</summary>
+        <value>The collection of cipher suites allowed in this policy for negotiation.</value>
+        <remarks>
+          <format type="text/markdown"><![CDATA[
+
+
+> [!NOTE]
+> Defining a cipher suite policy on <xref:System.Net.Security.SslStream> authentication will prevent the OS from deciding which are the best cipher suites to negotiate with and requires that you manually check and update this code. We strongly recommend that you avoid using this feature and rely on your constantly updated OS policy.
+
+## Remarks
+Unlike the operating system's underlying SSL/TLS implementation, the order of the <xref:System.Net.Security.TlsCipherSuite> elements in `allowedCipherSuites` doesn't guarantee their priority in client-server negotiation. You can only initialize an instance of this class if you're using Linux systems with OpenSSL 1.1.1 or higher or macOS.
+
+ ]]></format>
+        </remarks>
       </Docs>
     </Member>
   </Members>
-</Type>
+</Type>
diff --git a/xml/System.Net.Security/SslStream.xml b/xml/System.Net.Security/SslStream.xml
@@ -3452,9 +3452,18 @@ Authentication has not occurred.</exception>
         <ReturnType>System.Net.Security.TlsCipherSuite</ReturnType>
       </ReturnValue>
       <Docs>
-        <summary>To be added.</summary>
-        <value>To be added.</value>
-        <remarks>To be added.</remarks>
+        <summary>Gets the cipher suite which was negotiated for this connection.</summary>
+        <value>One of the enumeration values that identifies the cipher suite which was negotiated for this connection.</value>
+        <remarks>
+          <format type="text/markdown"><![CDATA[  
+  
+## Remarks
+
+This property gets the cipher suite that is going to be used in the communication between a client and server by the underlying SSL/TLS implementation. It is only available after a successful call to <xref:System.Net.Security.SslStream.AuthenticateAsServer%2A> or <xref:System.Net.Security.SslStream.AuthenticateAsClient%2A>.
+
+ ]]></format>
+        </remarks>
+        <exception cref="T:System.InvalidOperationException">The property was accessed before the completion of the authentication process or the authentication process failed.</exception>
       </Docs>
     </Member>
     <Member MemberName="Position">
diff --git a/xml/System.Net.Security/TlsCipherSuite.xml b/xml/System.Net.Security/TlsCipherSuite.xml
