1) No, there is no priority. It works like this: The client announces to the server the highest TLS/SSL version it supports (this is specified by client.Settings.SslAllowedVersions). The server either accepts this or asks the client to use a lower version instead. In that case, the client only uses the lower version if the TlsVersion mask actually allows it as well (otherwise, the connection fails).
However, please note that TlsVersion.Any is not the default value in Rebex components. Currently, the SSL-enabled components (FTP, IMAP, POP3 or SMTP) use the following value for client.Settings.SslAllowedVersions by default:
TlsVersion.TLS11 | TlsVersion.TLS10
This means - use TLS 1.1 if possible, otherwise allow TLS 1.0.
Please note that this used to be TlsVersion.TLS10 | TlsVersion.SSL30 until version 2014 R2. We removed SSL 3.0 from the list because it is no longer considered secure enough and it's susceptible to the POODLE attack (it can still be enabled if needed), and we added TLS 1.1 because it's already widely supported. In the next release, we will add TLS 1.2 support as well.
So to sum it up - if you are using the latest version of Rebex components, it's usually best to use the default for SslAllowedVersions. If you specified TlsVersion.Any, you would also enable SSL 3.0, which is no longer considered secure and should only be used if it's the only version the server supports (which is very rare).
2) Yes, there is a priority here. When you choose TlsCipherSuite.Secure, the following ciphers will be enabled. They are sorted by priority - the topmost algorithm that happens to be supported both by the client and the server will be used:
Please note that this will change in the next release as well - we are adding support for SHA-256 based ciphers.
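
The version negotiation described in point 1, modelled as an added C# example that is not part of the original answer and is not Rebex code. ProtoMask, HighestAtMost and Negotiate are hypothetical stand-ins for the allowed-versions mask and the handshake, and the server profiles are constructed.

```csharp
using System;

// Hypothetical stand-in for the allowed-versions mask discussed above (not the Rebex enum).
[Flags]
enum ProtoMask { None = 0, SSL30 = 1, TLS10 = 2, TLS11 = 4 }

static class NegotiationModel
{
    // Highest single version contained in 'mask' that does not exceed 'ceiling'.
    static ProtoMask HighestAtMost(ProtoMask mask, ProtoMask ceiling)
    {
        for (int bit = (int)ProtoMask.TLS11; bit > 0; bit >>= 1)
            if (bit <= (int)ceiling && ((int)mask & bit) != 0)
                return (ProtoMask)bit;
        return ProtoMask.None;
    }

    // Returns the negotiated version, or None when the connection fails.
    public static ProtoMask Negotiate(ProtoMask clientAllowed, ProtoMask serverSupported)
    {
        // The client announces the highest version its mask contains.
        ProtoMask announced = HighestAtMost(clientAllowed, ProtoMask.TLS11);
        if (announced == ProtoMask.None) return ProtoMask.None;

        // The server accepts it, or answers with the highest lower version it supports.
        ProtoMask chosen = HighestAtMost(serverSupported, announced);

        // The client uses the server's choice only if its own mask allows it as well.
        bool allowed = chosen != ProtoMask.None && (clientAllowed & chosen) != 0;
        return allowed ? chosen : ProtoMask.None;
    }

    static void Main()
    {
        var any = ProtoMask.SSL30 | ProtoMask.TLS10 | ProtoMask.TLS11;   // everything enabled
        var defaults = ProtoMask.TLS11 | ProtoMask.TLS10;                // the default quoted above
        var ssl3Only = ProtoMask.SSL30;                                  // constructed server profile
        var upToTls10 = ProtoMask.SSL30 | ProtoMask.TLS10;               // constructed server profile

        // Default mask against a server that tops out at TLS 1.0.
        Console.WriteLine(Negotiate(defaults, upToTls10));
        // Default mask against an SSL 3.0-only server: no common version.
        Console.WriteLine(Negotiate(defaults, ssl3Only));
        // "Any" against the same server: SSL 3.0 becomes acceptable.
        Console.WriteLine(Negotiate(any, ssl3Only));
        // Mask with a gap (no TLS 1.0): the server's lower choice is rejected by the client.
        Console.WriteLine(Negotiate(ProtoMask.TLS11 | ProtoMask.SSL30, upToTls10));
    }
}
```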