Addressing PR comments.

Commit migrated from https://github.com/dotnet/corefx/commit/d3e301d1d50912feddcbe371ae328babf9090760

src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_ssl.cpp

@@ -83,18 +83,17 @@ extern "C" SSL_CTX* CryptoNative_SslCtxCreate(SSL_METHOD* method)
     return ctx;
 }
 
-
 extern "C" void CryptoNative_SetProtocolOptions(SSL_CTX* ctx, SslProtocols protocols)
 {
     // protocols may be 0 (default). Less secure protocols should be excluded in this case.    
     long protocolOptions = 0;
 
-    if (!protocols || ((protocols & PAL_SSL_SSL2) != PAL_SSL_SSL2))
+    if ((protocols & PAL_SSL_SSL2) != PAL_SSL_SSL2)
     {
         protocolOptions |= SSL_OP_NO_SSLv2;
     }
 #ifndef OPENSSL_NO_SSL3
-    if (!protocols || ((protocols & PAL_SSL_SSL3) != PAL_SSL_SSL3))
+    if ((protocols & PAL_SSL_SSL3) != PAL_SSL_SSL3)
     {
         protocolOptions |= SSL_OP_NO_SSLv3;
     }

src/libraries/System.Net.Primitives/src/System/Net/SecureProtocols/SslEnumTypes.cs

@@ -37,7 +37,7 @@ public enum CipherAlgorithmType
         Aes128 = (Interop.Crypt32.ALG_CLASS_ENCRYPT | Interop.Crypt32.ALG_TYPE_BLOCK | Interop.Crypt32.ALG_SID_AES_128),
         Aes192 = (Interop.Crypt32.ALG_CLASS_ENCRYPT | Interop.Crypt32.ALG_TYPE_BLOCK | Interop.Crypt32.ALG_SID_AES_192),
         Aes256 = (Interop.Crypt32.ALG_CLASS_ENCRYPT | Interop.Crypt32.ALG_TYPE_BLOCK | Interop.Crypt32.ALG_SID_AES_256),
-        Null = (Interop.Crypt32.ALG_CLASS_ENCRYPT)  // 0-bit NULL cipher algorithm
+        Null = (Interop.Crypt32.ALG_CLASS_ENCRYPT),  // 0-bit NULL cipher algorithm
     }
 
     public enum HashAlgorithmType
@@ -47,6 +47,6 @@ public enum HashAlgorithmType
         Sha1 = (Interop.Crypt32.ALG_CLASS_HASH | Interop.Crypt32.ALG_CLASS_ANY | Interop.Crypt32.ALG_SID_SHA),
         Sha256 = (Interop.Crypt32.ALG_CLASS_HASH | Interop.Crypt32.ALG_CLASS_ANY | Interop.Crypt32.ALG_SID_SHA_256),
         Sha384 = (Interop.Crypt32.ALG_CLASS_HASH | Interop.Crypt32.ALG_CLASS_ANY | Interop.Crypt32.ALG_SID_SHA_384),
-        Sha512 = (Interop.Crypt32.ALG_CLASS_HASH | Interop.Crypt32.ALG_CLASS_ANY | Interop.Crypt32.ALG_SID_SHA_512)
+        Sha512 = (Interop.Crypt32.ALG_CLASS_HASH | Interop.Crypt32.ALG_CLASS_ANY | Interop.Crypt32.ALG_SID_SHA_512),
     }
 }

src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSystemDefaultsTest.cs

@@ -68,13 +68,12 @@ public async Task RunTest()
                 tasks[0] = AuthenticateClient(serverHost, clientCertificates, checkCertificateRevocation: false);
                 tasks[1] = AuthenticateServer(serverCertificate, clientCertificateRequired:true, checkCertificateRevocation:false);
                 await Task.WhenAll(tasks);
-
                 
-                if (PlatformDetection.IsWindows && PlatformDetection.WindowsVersion > 10)
+                if (PlatformDetection.IsWindows && PlatformDetection.WindowsVersion >= 10)
                 {
-                    Assert.True( _clientStream.HashAlgorithm == HashAlgorithmType.Sha256 ||
-                                   _clientStream.HashAlgorithm == HashAlgorithmType.Sha384 ||
-                                   _clientStream.HashAlgorithm == HashAlgorithmType.Sha512);
+                    Assert.True(_clientStream.HashAlgorithm == HashAlgorithmType.Sha256 ||
+                                _clientStream.HashAlgorithm == HashAlgorithmType.Sha384 ||
+                                _clientStream.HashAlgorithm == HashAlgorithmType.Sha512);
                 }
             }
 
@@ -84,7 +83,16 @@ public async Task RunTest()
                 X509Chain chain,
                 SslPolicyErrors sslPolicyErrors)
             {
-                return true;
+                switch (sslPolicyErrors)
+                {
+                    case SslPolicyErrors.None:
+                    case SslPolicyErrors.RemoteCertificateChainErrors:
+                    case SslPolicyErrors.RemoteCertificateNameMismatch:
+                        return true;
+                    case SslPolicyErrors.RemoteCertificateNotAvailable:
+                    default:
+                        return false;
+                }
             }
 
             protected abstract Task AuthenticateClient(string targetHost, X509CertificateCollection clientCertificates, bool checkCertificateRevocation);

src/libraries/System.Net.Security/tests/System.Net.Security.Tests.builds

@@ -2,11 +2,21 @@
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory), dir.props))\dir.props" />
   <ItemGroup>
+    <Project Include="FunctionalTests\System.Net.Security.Tests.csproj">
+      <OSGroup>Linux</OSGroup>
+      <TargetGroup>netcoreapp1.1</TargetGroup>
+      <TestTFMs>netcoreapp1.1</TestTFMs>
+    </Project>
     <Project Include="FunctionalTests\System.Net.Security.Tests.csproj">
       <OSGroup>Linux</OSGroup>
       <TargetGroup>netstandard1.7</TargetGroup>
       <TestTFMs>netcoreapp1.1</TestTFMs>
     </Project>
+    <Project Include="FunctionalTests\System.Net.Security.Tests.csproj">
+      <OSGroup>OSX</OSGroup>
+      <TargetGroup>netcoreapp1.1</TargetGroup>
+      <TestTFMs>netcoreapp1.1</TestTFMs>
+    </Project>
     <Project Include="FunctionalTests\System.Net.Security.Tests.csproj">
       <OSGroup>OSX</OSGroup>
       <TargetGroup>netstandard1.7</TargetGroup>