Using https (or any other form of integrity protection of data) is an important requirement for my company. Does anyone know of a workaround or any other suggestion on how to secure http data?
The issue occurs because SslStream.AuthenticateAsClient leaks around 45KB each time it is called. Since the HTTP class calls that method for each new connection and since a new connection is created for each HTTP request most of the time.
A partial-workaround will be to implement your own HTTP library over the regular .net socket and SsLStream. You will still leak the 45KB when you call AuthenticateAsClient, but if you can keep the connection open indefinitely, that might be workable.
Well, it is only a partial workaround. If you do have to open and close the connection or have multiple ones open, you still will run out. But for some users, they can keep the socket open, so they won’t run into the issue right away.