Added example of how ALPN should be working

Source/MQTTnet/Client/Options/MqttClientOptionsBuilderTlsParameters.cs

@@ -16,7 +16,8 @@ public sealed class MqttClientOptionsBuilderTlsParameters
         public Func<MqttClientCertificateValidationEventArgs, bool> CertificateValidationHandler { get; set; }
 
 #if NET48 || NETCOREAPP3_1_OR_GREATER
-        public SslProtocols SslProtocol { get; set; } = SslProtocols.Tls12 | SslProtocols.Tls13;
+        public SslProtocols SslProtocol { get; set; } = SslProtocols.Tls12 | (SslProtocols)0x00003000 /*Tls13*/;
+        // public SslProtocols SslProtocol { get; set; } = SslProtocols.Tls12 | SslProtocols.Tls13;
 #else
         public SslProtocols SslProtocol { get; set; } = SslProtocols.Tls12 | (SslProtocols)0x00003000 /*Tls13*/;
 #endif

Source/MQTTnet/Client/Options/MqttClientTlsOptions.cs

@@ -32,11 +32,12 @@ public sealed class MqttClientTlsOptions
 #if NETCOREAPP3_1_OR_GREATER
         public List<System.Net.Security.SslApplicationProtocol> ApplicationProtocols { get; set; }
 
-        public System.Net.Security.CipherSuitesPolicy CipherSuitesPolicy { get; set; }
+        // public System.Net.Security.CipherSuitesPolicy CipherSuitesPolicy { get; set; }
 #endif
 
 #if NET48 || NETCOREAPP3_1_OR_GREATER
-        public SslProtocols SslProtocol { get; set; } = SslProtocols.Tls12 | SslProtocols.Tls13;
+        public SslProtocols SslProtocol { get; set; } = SslProtocols.Tls12 | (SslProtocols)0x00003000 /*Tls13*/;
+        // public SslProtocols SslProtocol { get; set; } = SslProtocols.Tls12 | SslProtocols.Tls13;
 #else
         public SslProtocols SslProtocol { get; set; } = SslProtocols.Tls12 | (SslProtocols)0x00003000 /*Tls13*/;
 #endif

Source/MQTTnet/Implementations/MqttTcpChannel.cs

@@ -112,7 +112,7 @@ public async Task ConnectAsync(CancellationToken cancellationToken)
                             CertificateRevocationCheckMode =
  _tcpOptions.TlsOptions.IgnoreCertificateRevocationErrors ? X509RevocationMode.NoCheck : _tcpOptions.TlsOptions.RevocationMode,
                             TargetHost = _tcpOptions.Server,
-                            CipherSuitesPolicy = _tcpOptions.TlsOptions.CipherSuitesPolicy
+                            // CipherSuitesPolicy = _tcpOptions.TlsOptions.CipherSuitesPolicy
                         };
 
                         await sslStream.AuthenticateAsClientAsync(sslOptions, cancellationToken).ConfigureAwait(false);

Source/MQTTnet/Implementations/MqttTcpServerListener.cs

@@ -202,8 +202,8 @@ async Task TryHandleClientConnectionAsync(CrossPlatformSocket clientSocket)
                                 EnabledSslProtocols = _tlsOptions.SslProtocol,
                                 CertificateRevocationCheckMode = _tlsOptions.CheckCertificateRevocation ? X509RevocationMode.Online : X509RevocationMode.NoCheck,
                                 EncryptionPolicy = EncryptionPolicy.RequireEncryption,
-                                CipherSuitesPolicy = _tlsOptions.CipherSuitesPolicy
-                            }).ConfigureAwait(false);
+                                // CipherSuitesPolicy = _tlsOptions.CipherSuitesPolicy
+                            }, default).ConfigureAwait(false);
                     #else
                         await sslStream.AuthenticateAsServerAsync(
                             clientCertificate,

Source/MQTTnet/Server/Options/MqttServerTlsTcpEndpointOptions.cs

@@ -26,7 +26,7 @@ public MqttServerTlsTcpEndpointOptions()
         public SslProtocols SslProtocol { get; set; } = SslProtocols.Tls12;
 
 #if NETCOREAPP3_1_OR_GREATER
-        public System.Net.Security.CipherSuitesPolicy CipherSuitesPolicy { get; set; }
+        // public System.Net.Security.CipherSuitesPolicy CipherSuitesPolicy { get; set; }
 #endif
     }
 }