authorMartin Baulig <martin.baulig@xamarin.com>2015-11-20 21:52:01 +0300
committerMartin Baulig <martin.baulig@xamarin.com>2015-11-26 00:34:43 +0300
commit41545ee28fb80268b3599da44185ad15e0926eb7 (patch)
tree41b10fec9b5f9724c13af4e72add4dc4dd70ef9b /mcs/class
parent23f9e7c037855f7a921696248ba930fe28eef9c7 (diff)
[Mono.Security]: Add a few more 'Mono.Security.Interface' APIs.
The following general-purpose enums and exception helpers were moved here from Mono.Security.NewTls.Interface, which is going away. * Alert, CipherAlgorithmType, CipherSuiteCode, ExchangeAlgorithmType, HashAlgorithmType, TlsConnectionInfo, TlsException, TlsProtocolCode, TlsProtocols. * TlsConnectionInfo has been merged into MonoTlsConnectionInfo. Note that you may not use 'using' statements for both 'Mono.Security.Interface' and 'System.Security.Authentication' due to conflicting types. Use a prefix such as "using MSI = Mono.Security.Interface;" or "using SSA = System.Security.Authentication;" if you need both namespaces. (cherry picked from commit af05134433c658c93f82c6f4d47b93bb4b83257f)
Diffstat (limited to 'mcs/class')
-rw-r--r--mcs/class/Mono.Security.Providers.DotNet/Mono.Security.Providers.DotNet/DotNetSslStreamImpl.cs4
-rw-r--r--mcs/class/Mono.Security/Mono.Security.Interface/Alert.cs277
-rw-r--r--mcs/class/Mono.Security/Mono.Security.Interface/CipherAlgorithmType.cs39
-rw-r--r--mcs/class/Mono.Security/Mono.Security.Interface/CipherSuiteCode.cs398
-rw-r--r--mcs/class/Mono.Security/Mono.Security.Interface/ExchangeAlgorithmType.cs38
-rw-r--r--mcs/class/Mono.Security/Mono.Security.Interface/HashAlgorithmType.cs44
-rw-r--r--mcs/class/Mono.Security/Mono.Security.Interface/MonoSslStream.cs22
-rw-r--r--mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsConnectionInfo.cs21
-rw-r--r--mcs/class/Mono.Security/Mono.Security.Interface/TlsException.cs84
-rw-r--r--mcs/class/Mono.Security/Mono.Security.Interface/TlsProtocolCode.cs38
-rw-r--r--mcs/class/Mono.Security/Mono.Security.Interface/TlsProtocols.cs26
-rw-r--r--mcs/class/Mono.Security/Mono.Security.dll.sources7
-rw-r--r--mcs/class/Mono.Security/xammac_Mono.Security.dll.sources7
-rw-r--r--mcs/class/System/monodroid_System.dll.sources7
-rw-r--r--mcs/class/System/monotouch_System.dll.sources7
15 files changed, 1003 insertions, 16 deletions
diff --git a/mcs/class/Mono.Security.Providers.DotNet/Mono.Security.Providers.DotNet/DotNetSslStreamImpl.cs b/mcs/class/Mono.Security.Providers.DotNet/Mono.Security.Providers.DotNet/DotNetSslStreamImpl.cs
index 12fabc8f58f..e9b7e96dd2d 100644
--- a/mcs/class/Mono.Security.Providers.DotNet/Mono.Security.Providers.DotNet/DotNetSslStreamImpl.cs
+++ b/mcs/class/Mono.Security.Providers.DotNet/Mono.Security.Providers.DotNet/DotNetSslStreamImpl.cs
@@ -33,11 +33,11 @@ using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Security.Cryptography;
-using Mono.Security.Interface;
+using MSI = Mono.Security.Interface;
namespace Mono.Security.Providers.DotNet
{
- class DotNetSslStreamImpl : MonoSslStream
+ class DotNetSslStreamImpl : MSI.MonoSslStream
{
SslStream impl;
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/Alert.cs b/mcs/class/Mono.Security/Mono.Security.Interface/Alert.cs
new file mode 100644
index 00000000000..fdd0948a2e9
--- /dev/null
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/Alert.cs
@@ -0,0 +1,277 @@
+//
+// Alert.cs
+//
+// Author:
+// Martin Baulig <martin.baulig@xamarin.com>
+//
+// Copyright (c) 2015 Xamarin, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+using System;
+
+namespace Mono.Security.Interface
+{
+ #region Enumerations
+
+ public enum AlertLevel : byte
+ {
+ Warning = 1,
+ Fatal = 2
+ }
+
+ public enum AlertDescription : byte
+ {
+ CloseNotify = 0,
+ UnexpectedMessage = 10,
+ BadRecordMAC = 20,
+ DecryptionFailed_RESERVED = 21,
+ RecordOverflow = 22,
+ DecompressionFailure = 30,
+ HandshakeFailure = 40,
+ NoCertificate_RESERVED = 41, // should be used in SSL3
+ BadCertificate = 42,
+ UnsupportedCertificate = 43,
+ CertificateRevoked = 44,
+ CertificateExpired = 45,
+ CertificateUnknown = 46,
+ IlegalParameter = 47,
+ UnknownCA = 48,
+ AccessDenied = 49,
+ DecodeError = 50,
+ DecryptError = 51,
+ ExportRestriction = 60,
+ ProtocolVersion = 70,
+ InsuficientSecurity = 71,
+ InternalError = 80,
+ UserCancelled = 90,
+ NoRenegotiation = 100,
+ UnsupportedExtension = 110
+ }
+
+ #endregion
+
+ public class Alert
+ {
+ #region Fields
+
+ private AlertLevel level;
+ private AlertDescription description;
+
+ #endregion
+
+ #region Properties
+
+ public AlertLevel Level
+ {
+ get { return this.level; }
+ }
+
+ public AlertDescription Description
+ {
+ get { return this.description; }
+ }
+
+ public string Message
+ {
+ get { return Alert.GetAlertMessage(this.description); }
+ }
+
+ public bool IsWarning
+ {
+ get { return this.level == AlertLevel.Warning ? true : false; }
+ }
+
+ /*
+ public bool IsFatal
+ {
+ get { return this.level == AlertLevel.Fatal ? true : false; }
+ }
+ */
+
+ public bool IsCloseNotify
+ {
+ get
+ {
+ if (this.IsWarning &&
+ this.description == AlertDescription.CloseNotify)
+ {
+ return true;
+ }
+
+ return false;
+ }
+ }
+
+ #endregion
+
+ #region Constructors
+
+ public Alert(AlertDescription description)
+ {
+ this.description = description;
+ this.inferAlertLevel();
+ }
+
+ public Alert(
+ AlertLevel level,
+ AlertDescription description)
+ {
+ this.level = level;
+ this.description = description;
+ }
+
+ #endregion
+
+ #region Private Methods
+
+ private void inferAlertLevel()
+ {
+ switch (description)
+ {
+ case AlertDescription.CloseNotify:
+ case AlertDescription.NoRenegotiation:
+ case AlertDescription.UserCancelled:
+ this.level = AlertLevel.Warning;
+ break;
+
+ case AlertDescription.AccessDenied:
+ case AlertDescription.BadCertificate:
+ case AlertDescription.BadRecordMAC:
+ case AlertDescription.CertificateExpired:
+ case AlertDescription.CertificateRevoked:
+ case AlertDescription.CertificateUnknown:
+ case AlertDescription.DecodeError:
+ case AlertDescription.DecompressionFailure:
+ case AlertDescription.DecryptError:
+ case AlertDescription.DecryptionFailed_RESERVED:
+ case AlertDescription.ExportRestriction:
+ case AlertDescription.HandshakeFailure:
+ case AlertDescription.IlegalParameter:
+ case AlertDescription.InsuficientSecurity:
+ case AlertDescription.InternalError:
+ case AlertDescription.ProtocolVersion:
+ case AlertDescription.RecordOverflow:
+ case AlertDescription.UnexpectedMessage:
+ case AlertDescription.UnknownCA:
+ case AlertDescription.UnsupportedCertificate:
+ case AlertDescription.UnsupportedExtension:
+ default:
+ this.level = AlertLevel.Fatal;
+ break;
+ }
+ }
+
+ #endregion
+
+ public override string ToString ()
+ {
+ return string.Format ("[Alert: {0}:{1}]", Level, Description);
+ }
+
+ #region Static Methods
+
+ public static string GetAlertMessage(AlertDescription description)
+ {
+ #if (DEBUG)
+ switch (description)
+ {
+ case AlertDescription.AccessDenied:
+ return "An inappropriate message was received.";
+
+ case AlertDescription.BadCertificate:
+ return "TLSCiphertext decrypted in an invalid way.";
+
+ case AlertDescription.BadRecordMAC:
+ return "Record with an incorrect MAC.";
+
+ case AlertDescription.CertificateExpired:
+ return "Certificate has expired or is not currently valid";
+
+ case AlertDescription.CertificateRevoked:
+ return "Certificate was revoked by its signer.";
+
+ case AlertDescription.CertificateUnknown:
+ return "Certificate Unknown.";
+
+ case AlertDescription.CloseNotify:
+ return "Connection closed";
+
+ case AlertDescription.DecodeError:
+ return "A message could not be decoded because some field was out of the specified range or the length of the message was incorrect.";
+
+ case AlertDescription.DecompressionFailure:
+ return "The decompression function received improper input (e.g. data that would expand to excessive length).";
+
+ case AlertDescription.DecryptError:
+ return "TLSCiphertext decrypted in an invalid way: either it wasn`t an even multiple of the block length or its padding values, when checked, weren`t correct.";
+
+ case AlertDescription.DecryptionFailed_RESERVED:
+ return "Handshake cryptographic operation failed, including being unable to correctly verify a signature, decrypt a key exchange, or validate finished message.";
+
+ case AlertDescription.ExportRestriction:
+ return "Negotiation not in compliance with export restrictions was detected.";
+
+ case AlertDescription.HandshakeFailure:
+ return "Unable to negotiate an acceptable set of security parameters given the options available.";
+
+ case AlertDescription.IlegalParameter:
+ return "A field in the handshake was out of range or inconsistent with other fields.";
+
+ case AlertDescription.InsuficientSecurity:
+ return "Negotiation has failed specifically because the server requires ciphers more secure than those supported by the client.";
+
+ case AlertDescription.InternalError:
+ return "Internal error unrelated to the peer or the correctness of the protocol makes it impossible to continue.";
+
+ case AlertDescription.NoRenegotiation:
+ return "Invalid renegotiation.";
+
+ case AlertDescription.ProtocolVersion:
+ return "Unsupported protocol version.";
+
+ case AlertDescription.RecordOverflow:
+ return "Invalid length on TLSCiphertext record or TLSCompressed record.";
+
+ case AlertDescription.UnexpectedMessage:
+ return "Invalid message received.";
+
+ case AlertDescription.UnknownCA:
+ return "CA can't be identified as a trusted CA.";
+
+ case AlertDescription.UnsupportedCertificate:
+ return "Certificate was of an unsupported type.";
+
+ case AlertDescription.UserCancelled:
+ return "Handshake cancelled by user.";
+
+ case AlertDescription.UnsupportedExtension:
+ return "Unsupported extension.";
+
+ default:
+ return "";
+ }
+ #else
+ return "The authentication or decryption has failed.";
+ #endif
+ }
+
+ #endregion
+ }
+}
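Review bot: Several DEBUG strings in `GetAlertMessage` describe a different alert than the case they sit under: `AccessDenied` returns the unexpected-message text, `BadCertificate` returns a decryption text, and the `DecryptError` and `DecryptionFailed_RESERVED` texts look swapped, so a debug log would point an investigator at the wrong failure. Swap the latter two bodies and give the first two their own text, e.g. `return "A valid certificate was received, but access control refused the negotiation.";` for `AccessDenied` and `return "A certificate was corrupt or contained signatures that did not verify.";` for `BadCertificate`. `NoCertificate_RESERVED` has no case and falls through to the empty string. The misspelled public members `IlegalParameter` and `InsuficientSecurity` become part of the new `Mono.Security.Interface` surface here; if they are kept for source compatibility with the old namespace, a comment saying so would help.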
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/CipherAlgorithmType.cs b/mcs/class/Mono.Security/Mono.Security.Interface/CipherAlgorithmType.cs
new file mode 100644
index 00000000000..4a54fa75412
--- /dev/null
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/CipherAlgorithmType.cs
@@ -0,0 +1,39 @@
+//
+// CipherAlgorithmType.cs
+//
+// Author:
+// Martin Baulig <martin.baulig@xamarin.com>
+//
+// Copyright (c) 2015 Xamarin Inc. (http://www.xamarin.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+using System;
+
+namespace Mono.Security.Interface
+{
+ public enum CipherAlgorithmType
+ {
+ None,
+ Aes128,
+ Aes256,
+ AesGcm128,
+ AesGcm256
+ }
+}
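Review bot: `CipherAlgorithmType` relies on implicit numbering, unlike `HashAlgorithmType` and `CipherSuiteCode` in the same commit, so inserting or reordering a member later silently changes the values seen by already-compiled consumers of this public interface assembly; the same applies to `ExchangeAlgorithmType`. Pinning them, e.g. `None = 0, Aes128 = 1, Aes256 = 2, AesGcm128 = 3, AesGcm256 = 4`, keeps the contract stable. A short `/// <summary>` stating what `None` means (presumably that no bulk cipher was negotiated) would help callers that read it from the connection info. `using System;` is unused in both files.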
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/CipherSuiteCode.cs b/mcs/class/Mono.Security/Mono.Security.Interface/CipherSuiteCode.cs
new file mode 100644
index 00000000000..66980df81a6
--- /dev/null
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/CipherSuiteCode.cs
@@ -0,0 +1,398 @@
+//
+// CipherSuiteCode.cs
+//
+// Author:
+// Martin Baulig <martin.baulig@xamarin.com>
+//
+// Copyright (c) 2015 Xamarin, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+using System;
+
+namespace Mono.Security.Interface
+{
+ /// <summary>
+ /// RFC 2246 A.5
+ /// </summary>
+ public enum CipherSuiteCode : ushort
+ {
+ TLS_NULL_WITH_NULL_NULL = 0x0000,
+ TLS_RSA_WITH_NULL_MD5 = 0x0001,
+ TLS_RSA_WITH_NULL_SHA = 0x0002,
+ TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
+ TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
+ TLS_RSA_WITH_RC4_128_SHA = 0x0005,
+ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
+ TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007,
+ TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
+ TLS_RSA_WITH_DES_CBC_SHA = 0x0009,
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
+ TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
+ TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
+ TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
+ TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
+ TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
+ TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
+ TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
+ TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
+ TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
+ TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
+ TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x0017,
+ TLS_DH_anon_WITH_RC4_128_MD5 = 0x0018,
+ TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
+ TLS_DH_anon_WITH_DES_CBC_SHA = 0x001A,
+ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x001B,
+
+ /*
+ * Note: The cipher suite values { 0x00, 0x1C } and { 0x00, 0x1D } are reserved to avoid
+ * collision with Fortezza-based cipher suites in SSL 3.
+ */
+
+ /*
+ * RFC 3268
+ */
+ TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
+ TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x0034,
+ TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
+ TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x003A,
+
+ /*
+ * RFC 5932
+ */
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041,
+ TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042,
+ TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043,
+ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044,
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045,
+ TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA = 0x0046,
+
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084,
+ TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085,
+ TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086,
+ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087,
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088,
+ TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA = 0x0089,
+
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA,
+ TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB,
+ TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC,
+ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD,
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE,
+ TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF,
+
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0,
+ TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1,
+ TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2,
+ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3,
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4,
+ TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5,
+
+ /*
+ * RFC 4162
+ */
+ TLS_RSA_WITH_SEED_CBC_SHA = 0x0096,
+ TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097,
+ TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098,
+ TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099,
+ TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A,
+ TLS_DH_anon_WITH_SEED_CBC_SHA = 0x009B,
+
+ /*
+ * RFC 4279
+ */
+ TLS_PSK_WITH_RC4_128_SHA = 0x008A,
+ TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
+ TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
+ TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
+ TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
+ TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
+ TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092,
+ TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,
+
+ /*
+ * RFC 4492
+ */
+ TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
+ TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
+ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003,
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004,
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005,
+ TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006,
+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
+ TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B,
+ TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C,
+ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D,
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E,
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F,
+ TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010,
+ TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
+ TLS_ECDH_anon_WITH_NULL_SHA = 0xC015,
+ TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016,
+ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017,
+ TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018,
+ TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019,
+
+ /*
+ * RFC 4785
+ */
+ TLS_PSK_WITH_NULL_SHA = 0x002C,
+ TLS_DHE_PSK_WITH_NULL_SHA = 0x002D,
+ TLS_RSA_PSK_WITH_NULL_SHA = 0x002E,
+
+ /*
+ * RFC 5054
+ */
+ TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A,
+ TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B,
+ TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C,
+ TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D,
+ TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E,
+ TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F,
+ TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020,
+ TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021,
+ TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022,
+
+ /*
+ * RFC 5246
+ */
+ TLS_RSA_WITH_NULL_SHA256 = 0x003B,
+ TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
+ TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068,
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
+ TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x006C,
+ TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x006D,
+
+ /*
+ * RFC 5288
+ */
+ TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
+ TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F,
+ TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0,
+ TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1,
+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
+ TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
+ TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
+ TLS_DH_anon_WITH_AES_128_GCM_SHA256 = 0x00A6,
+ TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0x00A7,
+
+ /*
+ * RFC 5289
+ */
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025,
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029,
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D,
+ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030,
+ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,
+
+ /*
+ * RFC 5487
+ */
+ TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
+ TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
+ TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
+ TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
+ TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
+ TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD,
+ TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
+ TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
+ TLS_PSK_WITH_NULL_SHA256 = 0x00B0,
+ TLS_PSK_WITH_NULL_SHA384 = 0x00B1,
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
+ TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4,
+ TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5,
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6,
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7,
+ TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8,
+ TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9,
+
+ /*
+ * RFC 5489
+ */
+ TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033,
+ TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034,
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035,
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036,
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037,
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038,
+ TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039,
+ TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A,
+ TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B,
+
+ /*
+ * RFC 5746
+ */
+ TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,
+
+ /*
+ * RFC 6367
+ */
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC072,
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC073,
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC074,
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC075,
+ TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC076,
+ TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC077,
+ TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC078,
+ TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC079,
+
+ TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07A,
+ TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07B,
+ TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07C,
+ TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07D,
+ TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07E,
+ TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07F,
+ TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC080,
+ TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC081,
+ TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC082,
+ TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC083,
+ TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 = 0xC084,
+ TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 = 0xC085,
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC086,
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC087,
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC088,
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC089,
+ TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08A,
+ TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08B,
+ TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08C,
+ TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08D,
+
+ TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08E,
+ TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08F,
+ TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC090,
+ TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC091,
+ TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC092,
+ TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC093,
+ TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC094,
+ TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC095,
+ TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC096,
+ TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC097,
+ TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC098,
+ TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC099,
+ TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC09A,
+ TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC09B,
+
+ /*
+ * RFC 6655
+ */
+ TLS_RSA_WITH_AES_128_CCM = 0xC09C,
+ TLS_RSA_WITH_AES_256_CCM = 0xC09D,
+ TLS_DHE_RSA_WITH_AES_128_CCM = 0xC09E,
+ TLS_DHE_RSA_WITH_AES_256_CCM = 0xC09F,
+ TLS_RSA_WITH_AES_128_CCM_8 = 0xC0A0,
+ TLS_RSA_WITH_AES_256_CCM_8 = 0xC0A1,
+ TLS_DHE_RSA_WITH_AES_128_CCM_8 = 0xC0A2,
+ TLS_DHE_RSA_WITH_AES_256_CCM_8 = 0xC0A3,
+ TLS_PSK_WITH_AES_128_CCM = 0xC0A4,
+ TLS_PSK_WITH_AES_256_CCM = 0xC0A5,
+ TLS_DHE_PSK_WITH_AES_128_CCM = 0xC0A6,
+ TLS_DHE_PSK_WITH_AES_256_CCM = 0xC0A7,
+ TLS_PSK_WITH_AES_128_CCM_8 = 0xC0A8,
+ TLS_PSK_WITH_AES_256_CCM_8 = 0xC0A9,
+ TLS_PSK_DHE_WITH_AES_128_CCM_8 = 0xC0AA,
+ TLS_PSK_DHE_WITH_AES_256_CCM_8 = 0xC0AB,
+
+ /*
+ * draft-agl-tls-chacha20poly1305-04
+ */
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC13,
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC14,
+ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC15,
+
+ /*
+ * draft-josefsson-salsa20-tls-04
+ */
+ TLS_RSA_WITH_ESTREAM_SALSA20_SHA1 = 0xE410,
+ TLS_RSA_WITH_SALSA20_SHA1 = 0xE411,
+ TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1 = 0xE412,
+ TLS_ECDHE_RSA_WITH_SALSA20_SHA1 = 0xE413,
+ TLS_ECDHE_ECDSA_WITH_ESTREAM_SALSA20_SHA1 = 0xE414,
+ TLS_ECDHE_ECDSA_WITH_SALSA20_SHA1 = 0xE415,
+ TLS_PSK_WITH_ESTREAM_SALSA20_SHA1 = 0xE416,
+ TLS_PSK_WITH_SALSA20_SHA1 = 0xE417,
+ TLS_ECDHE_PSK_WITH_ESTREAM_SALSA20_SHA1 = 0xE418,
+ TLS_ECDHE_PSK_WITH_SALSA20_SHA1 = 0xE419,
+ TLS_RSA_PSK_WITH_ESTREAM_SALSA20_SHA1 = 0xE41A,
+ TLS_RSA_PSK_WITH_SALSA20_SHA1 = 0xE41B,
+ TLS_DHE_PSK_WITH_ESTREAM_SALSA20_SHA1 = 0xE41C,
+ TLS_DHE_PSK_WITH_SALSA20_SHA1 = 0xE41D,
+ TLS_DHE_RSA_WITH_ESTREAM_SALSA20_SHA1 = 0xE41E,
+ TLS_DHE_RSA_WITH_SALSA20_SHA1 = 0xE41F,
+
+ /*
+ * draft-ietf-tls-downgrade-scsv-00
+ */
+ TLS_FALLBACK_SCSV = 0x5600,
+
+ /*
+ public static bool IsScsv (int cipherSuite)
+ {
+ switch (cipherSuite) {
+ case TLS_EMPTY_RENEGOTIATION_INFO_SCSV:
+ case TLS_FALLBACK_SCSV:
+ return true,
+ default:
+ return false,
+ }
+ }
+ */
+ }
+}
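Review bot: The `<summary>` says only `RFC 2246 A.5`, but the enum also carries code points from later RFCs and from three Internet-Drafts, along with NULL, EXPORT, anonymous and RC4 suites, so a reader can mistake membership for "supported" or "acceptable". I would document it as a registry, e.g. `/// TLS cipher suite code points; presence here does not mean the suite is implemented or safe to enable.`, and mark the `draft-agl-tls-chacha20poly1305-04` and `draft-josefsson-salsa20-tls-04` values as provisional, since draft assignments can change before publication. The commented-out `IsScsv` block at the end sits inside the enum body and uses `,` after `return`, so it could not compile if uncommented; drop it or move it to a static helper class.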
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/ExchangeAlgorithmType.cs b/mcs/class/Mono.Security/Mono.Security.Interface/ExchangeAlgorithmType.cs
new file mode 100644
index 00000000000..c7a70aa6799
--- /dev/null
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/ExchangeAlgorithmType.cs
@@ -0,0 +1,38 @@
+//
+// ExchangeAlgorithmType.cs
+//
+// Author:
+// Martin Baulig <martin.baulig@xamarin.com>
+//
+// Copyright (c) 2015 Xamarin Inc. (http://www.xamarin.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+using System;
+
+namespace Mono.Security.Interface
+{
+ public enum ExchangeAlgorithmType
+ {
+ None,
+ Dhe,
+ Rsa,
+ EcDhe
+ }
+}
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/HashAlgorithmType.cs b/mcs/class/Mono.Security/Mono.Security.Interface/HashAlgorithmType.cs
new file mode 100644
index 00000000000..549e0b6a48e
--- /dev/null
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/HashAlgorithmType.cs
@@ -0,0 +1,44 @@
+//
+// HashAlgorithmType.cs
+//
+// Author:
+// Martin Baulig <martin.baulig@xamarin.com>
+//
+// Copyright (c) 2015 Xamarin, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+namespace Mono.Security.Interface
+{
+ public enum HashAlgorithmType
+ {
+ // These values refer to the @HashAlgorithm enumeration in the TLS 1.2 spec.
+ None = 0,
+ Md5 = 1,
+ Sha1 = 2,
+ Sha224 = 3,
+ Sha256 = 4,
+ Sha384 = 5,
+ Sha512 = 6,
+ Unknown = 255,
+
+ // Mono-specific addition, allowing us to reuse it IHashAlgorithm API for TLS 1.0 / 1.1.
+ Md5Sha1 = 254
+ }
+}
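Review bot: `Md5Sha1 = 254` and `Unknown = 255` share the numeric space of the TLS 1.2 `HashAlgorithm` byte, so any code that casts a value received from a peer straight to this enum would turn a wire byte of 254 into the Mono-internal `Md5Sha1`. Nothing in this hunk does that cast, but the comment should state the constraint, e.g. `// Internal only, never a wire value: reject 254 when parsing a peer's signature algorithms.` The existing comment also reads "reuse it IHashAlgorithm API"; "reuse the IHashAlgorithm API" is presumably meant.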
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/MonoSslStream.cs b/mcs/class/Mono.Security/Mono.Security.Interface/MonoSslStream.cs
index 48fc51bf4cc..c43e2db095b 100644
--- a/mcs/class/Mono.Security/Mono.Security.Interface/MonoSslStream.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/MonoSslStream.cs
@@ -28,7 +28,7 @@ using System.IO;
using System.Net;
using System.Net.Security;
using System.Threading.Tasks;
-using System.Security.Authentication;
+using SSA = System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Security.Cryptography;
@@ -40,31 +40,31 @@ namespace Mono.Security.Interface
{
public abstract void AuthenticateAsClient (string targetHost);
- public abstract void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
+ public abstract void AuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
public abstract IAsyncResult BeginAuthenticateAsClient (string targetHost, AsyncCallback asyncCallback, object asyncState);
- public abstract IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
+ public abstract IAsyncResult BeginAuthenticateAsClient (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
public abstract void EndAuthenticateAsClient (IAsyncResult asyncResult);
public abstract void AuthenticateAsServer (X509Certificate serverCertificate);
- public abstract void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
+ public abstract void AuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
public abstract IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, AsyncCallback asyncCallback, object asyncState);
- public abstract IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
+ public abstract IAsyncResult BeginAuthenticateAsServer (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation, AsyncCallback asyncCallback, object asyncState);
public abstract void EndAuthenticateAsServer (IAsyncResult asyncResult);
public abstract Task AuthenticateAsClientAsync (string targetHost);
- public abstract Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
+ public abstract Task AuthenticateAsClientAsync (string targetHost, X509CertificateCollection clientCertificates, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
public abstract Task AuthenticateAsServerAsync (X509Certificate serverCertificate);
- public abstract Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
+ public abstract Task AuthenticateAsServerAsync (X509Certificate serverCertificate, bool clientCertificateRequired, SSA.SslProtocols enabledSslProtocols, bool checkCertificateRevocation);
public abstract void Flush ();
@@ -106,7 +106,7 @@ namespace Mono.Security.Interface
get;
}
- public abstract CipherAlgorithmType CipherAlgorithm {
+ public abstract SSA.CipherAlgorithmType CipherAlgorithm {
get;
}
@@ -114,7 +114,7 @@ namespace Mono.Security.Interface
get;
}
- public abstract HashAlgorithmType HashAlgorithm {
+ public abstract SSA.HashAlgorithmType HashAlgorithm {
get;
}
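Review bot: `HashAlgorithm` now returns `SSA.HashAlgorithmType`, but nothing on the property says so, and this commit also adds a same-named `Mono.Security.Interface.HashAlgorithmType` whose members carry the TLS 1.2 wire values (`Sha1 = 2`, `Sha256 = 4`). The two enums do not share numeric values, so a cast between them compiles and silently reports the wrong algorithm. The same applies to `CipherAlgorithm` and `KeyExchangeAlgorithm` in the hunks just before and after this one. I would put a comment above each of the three properties, for example `// Returns the System.Security.Authentication enum; do not cast to Mono.Security.Interface.HashAlgorithmType, the numeric values differ.` The enclosing class starts and ends outside these hunks.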
@@ -122,7 +122,7 @@ namespace Mono.Security.Interface
get;
}
- public abstract ExchangeAlgorithmType KeyExchangeAlgorithm {
+ public abstract SSA.ExchangeAlgorithmType KeyExchangeAlgorithm {
get;
}
@@ -180,7 +180,7 @@ namespace Mono.Security.Interface
get;
}
- public abstract SslProtocols SslProtocol {
+ public abstract SSA.SslProtocols SslProtocol {
get;
}
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsConnectionInfo.cs b/mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsConnectionInfo.cs
index 46501fb9b30..4bc5f436f45 100644
--- a/mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsConnectionInfo.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/MonoTlsConnectionInfo.cs
@@ -24,20 +24,35 @@
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
namespace Mono.Security.Interface
{
public class MonoTlsConnectionInfo
{
- public short CipherSuiteCode {
+ public CipherSuiteCode CipherSuiteCode {
get; set;
}
public TlsProtocols ProtocolVersion {
get; set;
}
+
+ public CipherAlgorithmType CipherAlgorithmType {
+ get; set;
+ }
+
+ public HashAlgorithmType HashAlgorithmType {
+ get; set;
+ }
+
+ public ExchangeAlgorithmType ExchangeAlgorithmType {
+ get; set;
+ }
+
+ public override string ToString ()
+ {
+ return string.Format ("[MonoTlsConnectionInfo: {0}:{1}]", ProtocolVersion, CipherSuiteCode);
+ }
}
}
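Review bot: Every property on `MonoTlsConnectionInfo`, including the three added here, has a public setter and no doc comment, so nothing states who populates the object or what an unset value means. A default-constructed instance goes through the new `ToString ()` and prints whichever members map to 0, which someone reading a log cannot tell apart from a negotiated result. If the intended contract is that the TLS provider fills these in after the handshake, I would say so on each property, e.g. `/// <summary>Hash algorithm negotiated for this connection; HashAlgorithmType.None until the provider has set it.</summary>`. Whether the setters can be narrowed depends on where the providers live, which this hunk does not show.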
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/TlsException.cs b/mcs/class/Mono.Security/Mono.Security.Interface/TlsException.cs
new file mode 100644
index 00000000000..fabf4ee30c0
--- /dev/null
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/TlsException.cs
@@ -0,0 +1,84 @@
+//
+// TlsException.cs
+//
+// Author:
+// Martin Baulig <martin.baulig@xamarin.com>
+//
+// Copyright (c) 2015 Xamarin, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+using System;
+using System.Text;
+using System.Runtime.Serialization;
+
+namespace Mono.Security.Interface
+{
+ public sealed class TlsException : Exception
+ {
+ #region Fields
+
+ private Alert alert;
+
+ #endregion
+
+ #region Properties
+
+ public Alert Alert {
+ get { return this.alert; }
+ }
+
+ #endregion
+
+ #region Constructors
+
+ public TlsException (Alert alert)
+ : this (alert, alert.Description.ToString())
+ {
+ }
+
+ public TlsException (Alert alert, string message)
+ : base (message)
+ {
+ this.alert = alert;
+ }
+
+ public TlsException (AlertLevel level, AlertDescription description)
+ : this (new Alert (level, description))
+ {
+ }
+
+ public TlsException (AlertDescription description)
+ : this (new Alert (description))
+ {
+ }
+
+ public TlsException (AlertDescription description, string message)
+ : this (new Alert (description), message)
+ {
+ }
+
+ public TlsException (AlertDescription description, string format, params object[] args)
+ : this (new Alert (description), string.Format (format, args))
+ {
+ }
+
+ #endregion
+ }
+}
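Review bot: None of the six constructors accepts an inner exception, so code that turns a lower-level failure (I/O, certificate or crypto error) into a `TlsException` has to drop the original cause and its stack trace. That makes handshake failures harder to diagnose from logs. I would add an overload `public TlsException (Alert alert, string message, Exception innerException) : base (message, innerException)` that assigns `this.alert` the same way the two-argument constructor does. The `alert` field is written only in a constructor and could be declared `private readonly Alert alert;`.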
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/TlsProtocolCode.cs b/mcs/class/Mono.Security/Mono.Security.Interface/TlsProtocolCode.cs
new file mode 100644
index 00000000000..e5a8e09eb9b
--- /dev/null
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/TlsProtocolCode.cs
@@ -0,0 +1,38 @@
+//
+// TlsProtocolCode.cs
+//
+// Author:
+// Martin Baulig <martin.baulig@xamarin.com>
+//
+// Copyright (c) 2015 Xamarin, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+using System;
+
+namespace Mono.Security.Interface
+{
+ public enum TlsProtocolCode : short
+ {
+ Tls10 = 0x301,
+ Tls11 = 0x302,
+ Tls12 = 0x303
+ }
+}
+
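Review bot: `TlsProtocolCode` has no comment saying where its values come from or how a value outside the three members should be treated. The members match the TLS ProtocolVersion wire encoding (major 3, minor 1 to 3), and a cast from a 16-bit value read off the wire will produce a `TlsProtocolCode` that is none of them without any error. I would add above the enum `// TLS ProtocolVersion wire values; code converting from a raw short must reject anything not listed here.` The `using System;` directive is not needed by anything in this file.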
diff --git a/mcs/class/Mono.Security/Mono.Security.Interface/TlsProtocols.cs b/mcs/class/Mono.Security/Mono.Security.Interface/TlsProtocols.cs
index d3ef9d76b25..614a25a98ad 100644
--- a/mcs/class/Mono.Security/Mono.Security.Interface/TlsProtocols.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Interface/TlsProtocols.cs
@@ -1,3 +1,29 @@
+//
+// TlsProtocols.cs
+//
+// Author:
+// Martin Baulig <martin.baulig@xamarin.com>
+//
+// Copyright (c) 2015 Xamarin, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
using System;
namespace Mono.Security.Interface
diff --git a/mcs/class/Mono.Security/Mono.Security.dll.sources b/mcs/class/Mono.Security/Mono.Security.dll.sources
index 3847d8d3ce3..c4828006171 100644
--- a/mcs/class/Mono.Security/Mono.Security.dll.sources
+++ b/mcs/class/Mono.Security/Mono.Security.dll.sources
@@ -135,7 +135,12 @@
./Mono.Xml/MiniParser.cs
./Mono.Xml/SecurityParser.cs
+./Mono.Security.Interface/Alert.cs
./Mono.Security.Interface/CertificateValidationHelper.cs
+./Mono.Security.Interface/CipherAlgorithmType.cs
+./Mono.Security.Interface/CipherSuiteCode.cs
+./Mono.Security.Interface/ExchangeAlgorithmType.cs
+./Mono.Security.Interface/HashAlgorithmType.cs
./Mono.Security.Interface/IBufferOffsetSize.cs
./Mono.Security.Interface/IMonoTlsEventSink.cs
./Mono.Security.Interface/IMonoTlsContext.cs
@@ -144,4 +149,6 @@
./Mono.Security.Interface/MonoTlsProvider.cs
./Mono.Security.Interface/MonoTlsProviderFactory.cs
./Mono.Security.Interface/MonoTlsSettings.cs
+./Mono.Security.Interface/TlsException.cs
+./Mono.Security.Interface/TlsProtocolCode.cs
./Mono.Security.Interface/TlsProtocols.cs
diff --git a/mcs/class/Mono.Security/xammac_Mono.Security.dll.sources b/mcs/class/Mono.Security/xammac_Mono.Security.dll.sources
index c0e5f667dbb..9fea89f179b 100644
--- a/mcs/class/Mono.Security/xammac_Mono.Security.dll.sources
+++ b/mcs/class/Mono.Security/xammac_Mono.Security.dll.sources
@@ -1,5 +1,10 @@
#include monotouch_Mono.Security.dll.sources
+./Mono.Security.Interface/Alert.cs
+./Mono.Security.Interface/CipherAlgorithmType.cs
+./Mono.Security.Interface/CipherSuiteCode.cs
+./Mono.Security.Interface/ExchangeAlgorithmType.cs
+./Mono.Security.Interface/HashAlgorithmType.cs
./Mono.Security.Interface/IBufferOffsetSize.cs
./Mono.Security.Interface/IMonoTlsEventSink.cs
./Mono.Security.Interface/IMonoTlsContext.cs
@@ -8,4 +13,6 @@
./Mono.Security.Interface/MonoTlsProvider.cs
./Mono.Security.Interface/MonoTlsProviderFactory.cs
./Mono.Security.Interface/MonoTlsSettings.cs
+./Mono.Security.Interface/TlsException.cs
+./Mono.Security.Interface/TlsProtocolCode.cs
./Mono.Security.Interface/TlsProtocols.cs
diff --git a/mcs/class/System/monodroid_System.dll.sources b/mcs/class/System/monodroid_System.dll.sources
index 5a0d854cf45..ac2021032a3 100644
--- a/mcs/class/System/monodroid_System.dll.sources
+++ b/mcs/class/System/monodroid_System.dll.sources
@@ -77,7 +77,12 @@ System/AndroidPlatform.cs
../Mono.Security/Mono.Security.X509.Extensions/NetscapeCertTypeExtension.cs
../Mono.Security/Mono.Security.X509.Extensions/SubjectAltNameExtension.cs
+../Mono.Security/Mono.Security.Interface/Alert.cs
../Mono.Security/Mono.Security.Interface/CertificateValidationHelper.cs
+../Mono.Security/Mono.Security.Interface/CipherAlgorithmType.cs
+../Mono.Security/Mono.Security.Interface/CipherSuiteCode.cs
+../Mono.Security/Mono.Security.Interface/ExchangeAlgorithmType.cs
+../Mono.Security/Mono.Security.Interface/HashAlgorithmType.cs
../Mono.Security/Mono.Security.Interface/IBufferOffsetSize.cs
../Mono.Security/Mono.Security.Interface/IMonoTlsEventSink.cs
../Mono.Security/Mono.Security.Interface/IMonoTlsContext.cs
@@ -86,4 +91,6 @@ System/AndroidPlatform.cs
../Mono.Security/Mono.Security.Interface/MonoTlsProvider.cs
../Mono.Security/Mono.Security.Interface/MonoTlsProviderFactory.cs
../Mono.Security/Mono.Security.Interface/MonoTlsSettings.cs
+../Mono.Security/Mono.Security.Interface/TlsException.cs
+../Mono.Security/Mono.Security.Interface/TlsProtocolCode.cs
../Mono.Security/Mono.Security.Interface/TlsProtocols.cs
diff --git a/mcs/class/System/monotouch_System.dll.sources b/mcs/class/System/monotouch_System.dll.sources
index ec41d5d60bd..de424699ce1 100644
--- a/mcs/class/System/monotouch_System.dll.sources
+++ b/mcs/class/System/monotouch_System.dll.sources
@@ -76,7 +76,12 @@ MonoTouch/MonoPInvokeCallbackAttribute.cs
../Mono.Security/Mono.Security.X509.Extensions/NetscapeCertTypeExtension.cs
../Mono.Security/Mono.Security.X509.Extensions/SubjectAltNameExtension.cs
+../Mono.Security/Mono.Security.Interface/Alert.cs
../Mono.Security/Mono.Security.Interface/CertificateValidationHelper.cs
+../Mono.Security/Mono.Security.Interface/CipherAlgorithmType.cs
+../Mono.Security/Mono.Security.Interface/CipherSuiteCode.cs
+../Mono.Security/Mono.Security.Interface/ExchangeAlgorithmType.cs
+../Mono.Security/Mono.Security.Interface/HashAlgorithmType.cs
../Mono.Security/Mono.Security.Interface/IBufferOffsetSize.cs
../Mono.Security/Mono.Security.Interface/IMonoTlsEventSink.cs
../Mono.Security/Mono.Security.Interface/IMonoTlsContext.cs
@@ -85,4 +90,6 @@ MonoTouch/MonoPInvokeCallbackAttribute.cs
../Mono.Security/Mono.Security.Interface/MonoTlsProvider.cs
../Mono.Security/Mono.Security.Interface/MonoTlsProviderFactory.cs
../Mono.Security/Mono.Security.Interface/MonoTlsSettings.cs
+../Mono.Security/Mono.Security.Interface/TlsException.cs
+../Mono.Security/Mono.Security.Interface/TlsProtocolCode.cs
../Mono.Security/Mono.Security.Interface/TlsProtocols.cs