This PR adds comprehensive documentation for the breaking change where HttpClient and SslStream default certificate revocation check mode changed from NoCheck to Online in .NET 10 Preview 6.

Changes Made

• Created new breaking change document: docs/core/compatibility/networking/10.0/ssl-certificate-revocation-check-default.md

  • Follows the official breaking change template structure
  • Includes clear before/after code examples
  • Provides multiple recommended actions including AppContext switches
  • Documents all affected APIs with proper xref links

• Updated TOC: Added the new document to both "By version" and "By area" sections in docs/core/compatibility/toc.yml

• Updated index: Added entry to the Networking section table in docs/core/compatibility/10.0.md

Breaking Change Details

The default values for SslClientAuthenticationOptions.CertificateRevocationCheckMode and SslServerAuthenticationOptions.CertificateRevocationCheckMode have changed from NoCheck to Online. This enhances security and makes behavior consistent with X509ChainPolicy.

Affected APIs:

• SslStream.AuthenticateAsClient* methods
• SslStream.AuthenticateAsServer* methods
• HttpClient (all Send* methods when using WinHttpHandler or SocketsHttpClientHandler)

Migration path:

// To preserve previous behavior
var clientOptions = new SslClientAuthenticationOptions
{
    TargetHost = "example.com",
    CertificateRevocationCheckMode = X509RevocationMode.NoCheck
};

Alternatively, use the System.Net.Security.NoRevocationCheckByDefault AppContext switch or DOTNET_SYSTEM_NET_SECURITY_NOREVOCATIONCHECKBYDEFAULT environment variable.

Fixes #46824.

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

Internal previews