diff --git a/docs/project/list-of-diagnostics.md b/docs/project/list-of-diagnostics.md
index 2262b320798d0..79a3af43ed29c 100644
--- a/docs/project/list-of-diagnostics.md
+++ b/docs/project/list-of-diagnostics.md
@@ -112,6 +112,7 @@ The PR that reveals the implementation of the `<IncludeInternalObsoleteAttribute
 |  __`SYSLIB0055`__ | The underlying hardware instruction does not perform a signed saturate narrowing operation, and it always returns an unsigned result. Use the unsigned overload instead. |
 |  __`SYSLIB0056`__ |  LoadFrom with a custom AssemblyHashAlgorithm is obsolete. Use overloads without an AssemblyHashAlgorithm. |
 |  __`SYSLIB0057`__ | Loading certificate data through the constructor or Import is obsolete. Use X509CertificateLoader instead to load certificates. |
+|  __`SYSLIB0058`__ | KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead. |
 
 ## Analyzer Warnings
 
diff --git a/src/libraries/Common/src/System/Obsoletions.cs b/src/libraries/Common/src/System/Obsoletions.cs
index ecd555d78c5ae..7db9f039b3399 100644
--- a/src/libraries/Common/src/System/Obsoletions.cs
+++ b/src/libraries/Common/src/System/Obsoletions.cs
@@ -184,6 +184,9 @@ internal static class Obsoletions
         internal const string X509CtorCertDataObsoleteMessage = "Loading certificate data through the constructor or Import is obsolete. Use X509CertificateLoader instead to load certificates.";
         internal const string X509CtorCertDataObsoleteDiagId = "SYSLIB0057";
 
+        internal const string TlsCipherAlgorithmEnumsMessage = "KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.";
+        internal const string TlsCipherAlgorithmEnumsDiagId = "SYSLIB0058";
+
         // When adding a new diagnostic ID, add it to the table in docs\project\list-of-diagnostics.md as well.
         // Keep new const identifiers above this comment.
     }
diff --git a/src/libraries/System.DirectoryServices.Protocols/ref/System.DirectoryServices.Protocols.cs b/src/libraries/System.DirectoryServices.Protocols/ref/System.DirectoryServices.Protocols.cs
index 32262da81be3e..cf1b9154d7bef 100644
--- a/src/libraries/System.DirectoryServices.Protocols/ref/System.DirectoryServices.Protocols.cs
+++ b/src/libraries/System.DirectoryServices.Protocols/ref/System.DirectoryServices.Protocols.cs
@@ -658,11 +658,29 @@ public enum SecurityMasks
     public partial class SecurityPackageContextConnectionInformation
     {
         internal SecurityPackageContextConnectionInformation() { }
+#if NET10_0_OR_GREATER
+        [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
+#endif
         public System.Security.Authentication.CipherAlgorithmType AlgorithmIdentifier { get { throw null; } }
+#if NET10_0_OR_GREATER
+        [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
+#endif
         public int CipherStrength { get { throw null; } }
+#if NET10_0_OR_GREATER
+        [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
+#endif
         public int ExchangeStrength { get { throw null; } }
+#if NET10_0_OR_GREATER
+        [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
+#endif
         public System.Security.Authentication.HashAlgorithmType Hash { get { throw null; } }
+#if NET10_0_OR_GREATER
+        [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
+#endif
         public int HashStrength { get { throw null; } }
+#if NET10_0_OR_GREATER
+        [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
+#endif
         public int KeyExchangeAlgorithm { get { throw null; } }
         public System.DirectoryServices.Protocols.SecurityProtocol Protocol { get { throw null; } }
     }
diff --git a/src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapSessionOptions.cs b/src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapSessionOptions.cs
index 0fa241fc30113..42fae51688a49 100644
--- a/src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapSessionOptions.cs
+++ b/src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapSessionOptions.cs
@@ -71,9 +71,11 @@ public class SecurityPackageContextConnectionInformation
     {
         // Not marked as readonly to enable passing to Unsafe.As in GetPinnableReference.
         private SecurityProtocol _securityProtocol;
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
         private readonly CipherAlgorithmType _identifier;
         private readonly int _strength;
         private readonly HashAlgorithmType _hashAlgorithm;
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
         private readonly int _hashStrength;
         private readonly int _keyExchangeAlgorithm;
         private readonly int _exchangeStrength;
@@ -83,17 +85,34 @@ internal SecurityPackageContextConnectionInformation()
         }
 
         public SecurityProtocol Protocol => _securityProtocol;
-
+#if NET10_0_OR_GREATER
+        [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
+#endif
         public CipherAlgorithmType AlgorithmIdentifier => _identifier;
 
+#if NET10_0_OR_GREATER
+        [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
+#endif
         public int CipherStrength => _strength;
 
+#if NET10_0_OR_GREATER
+        [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
+#endif
         public HashAlgorithmType Hash => _hashAlgorithm;
 
+#if NET10_0_OR_GREATER
+        [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
+#endif
         public int HashStrength => _hashStrength;
 
+#if NET10_0_OR_GREATER
+        [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
+#endif
         public int KeyExchangeAlgorithm => _keyExchangeAlgorithm;
 
+#if NET10_0_OR_GREATER
+        [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
+#endif
         public int ExchangeStrength => _exchangeStrength;
 
         internal ref readonly byte GetPinnableReference() => ref Unsafe.As<SecurityProtocol, byte>(ref _securityProtocol);
diff --git a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/HttpConnectionBase.cs b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/HttpConnectionBase.cs
index d018d72c5fc34..cb319097db4db 100644
--- a/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/HttpConnectionBase.cs
+++ b/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/HttpConnectionBase.cs
@@ -148,6 +148,7 @@ protected void TraceConnection(Stream stream)
         {
             if (stream is SslStream sslStream)
             {
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
                 Trace(
                     $"{this}. Id:{Id}, " +
                     $"SslProtocol:{sslStream.SslProtocol}, NegotiatedApplicationProtocol:{sslStream.NegotiatedApplicationProtocol}, " +
@@ -155,6 +156,7 @@ protected void TraceConnection(Stream stream)
                     $"HashAlgorithm:{sslStream.HashAlgorithm}, HashStrength:{sslStream.HashStrength}, " +
                     $"KeyExchangeAlgorithm:{sslStream.KeyExchangeAlgorithm}, KeyExchangeStrength:{sslStream.KeyExchangeStrength}, " +
                     $"LocalCertificate:{sslStream.LocalCertificate}, RemoteCertificate:{sslStream.RemoteCertificate}");
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
             }
             else
             {
diff --git a/src/libraries/System.Net.Primitives/ref/System.Net.Primitives.cs b/src/libraries/System.Net.Primitives/ref/System.Net.Primitives.cs
index 480548a33f1b7..770d0cd351a3b 100644
--- a/src/libraries/System.Net.Primitives/ref/System.Net.Primitives.cs
+++ b/src/libraries/System.Net.Primitives/ref/System.Net.Primitives.cs
@@ -526,6 +526,7 @@ protected SocketException(System.Runtime.Serialization.SerializationInfo seriali
 }
 namespace System.Security.Authentication
 {
+    [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
     public enum CipherAlgorithmType
     {
         None = 0,
@@ -539,6 +540,7 @@ public enum CipherAlgorithmType
         Aes = 26129,
         Rc4 = 26625,
     }
+    [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
     public enum ExchangeAlgorithmType
     {
         None = 0,
@@ -546,6 +548,7 @@ public enum ExchangeAlgorithmType
         RsaKeyX = 41984,
         DiffieHellman = 43522,
     }
+    [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
     public enum HashAlgorithmType
     {
         None = 0,
@@ -563,11 +566,11 @@ public enum SslProtocols
         Ssl2 = 12,
         [System.ObsoleteAttribute("SslProtocols.Ssl3 has been deprecated and is not supported.")]
         Ssl3 = 48,
-        [System.ObsoleteAttribute("TLS versions 1.0 and 1.1 have known vulnerabilities and are not recommended. Use a newer TLS version instead, or use SslProtocols.None to defer to OS defaults.", DiagnosticId="SYSLIB0039", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
+        [System.ObsoleteAttribute("TLS versions 1.0 and 1.1 have known vulnerabilities and are not recommended. Use a newer TLS version instead, or use SslProtocols.None to defer to OS defaults.", DiagnosticId = "SYSLIB0039", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         Tls = 192,
         [System.ObsoleteAttribute("SslProtocols.Default has been deprecated and is not supported.")]
         Default = 240,
-        [System.ObsoleteAttribute("TLS versions 1.0 and 1.1 have known vulnerabilities and are not recommended. Use a newer TLS version instead, or use SslProtocols.None to defer to OS defaults.", DiagnosticId="SYSLIB0039", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
+        [System.ObsoleteAttribute("TLS versions 1.0 and 1.1 have known vulnerabilities and are not recommended. Use a newer TLS version instead, or use SslProtocols.None to defer to OS defaults.", DiagnosticId = "SYSLIB0039", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         Tls11 = 768,
         Tls12 = 3072,
         Tls13 = 12288,
@@ -577,8 +580,8 @@ namespace System.Security.Authentication.ExtendedProtection
 {
     public abstract partial class ChannelBinding : Microsoft.Win32.SafeHandles.SafeHandleZeroOrMinusOneIsInvalid
     {
-        protected ChannelBinding() : base (default(bool)) { }
-        protected ChannelBinding(bool ownsHandle) : base (default(bool)) { }
+        protected ChannelBinding() : base(default(bool)) { }
+        protected ChannelBinding(bool ownsHandle) : base(default(bool)) { }
         public abstract int Size { get; }
     }
     public enum ChannelBindingKind
diff --git a/src/libraries/System.Net.Primitives/src/System/Net/SecureProtocols/SslEnumTypes.cs b/src/libraries/System.Net.Primitives/src/System/Net/SecureProtocols/SslEnumTypes.cs
index e5c4e10d432c8..a79e11dd7729f 100644
--- a/src/libraries/System.Net.Primitives/src/System/Net/SecureProtocols/SslEnumTypes.cs
+++ b/src/libraries/System.Net.Primitives/src/System/Net/SecureProtocols/SslEnumTypes.cs
@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System;
 using System.Net;
 using System.Runtime.InteropServices;
 
@@ -24,6 +25,7 @@ public enum SslProtocols
         Default = Ssl3 | Tls
     }
 
+    [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
     public enum ExchangeAlgorithmType
     {
         None = 0,
@@ -32,6 +34,7 @@ public enum ExchangeAlgorithmType
         DiffieHellman = (Interop.Crypt32.ALG_CLASS_KEY_EXCHANGE | Interop.Crypt32.ALG_TYPE_DH | Interop.Crypt32.ALG_SID_DH_EPHEM),
     }
 
+    [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
     public enum CipherAlgorithmType
     {
         None = 0,  // No encryption
@@ -46,6 +49,7 @@ public enum CipherAlgorithmType
         Null = (Interop.Crypt32.ALG_CLASS_ENCRYPT),  // 0-bit NULL cipher algorithm
     }
 
+    [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
     public enum HashAlgorithmType
     {
         None = 0,
diff --git a/src/libraries/System.Net.Security/ref/System.Net.Security.cs b/src/libraries/System.Net.Security/ref/System.Net.Security.cs
index a075727ebba38..e1fdeb9323a9d 100644
--- a/src/libraries/System.Net.Security/ref/System.Net.Security.cs
+++ b/src/libraries/System.Net.Security/ref/System.Net.Security.cs
@@ -31,9 +31,9 @@ public CipherSuitesPolicy(System.Collections.Generic.IEnumerable<System.Net.Secu
     public enum EncryptionPolicy
     {
         RequireEncryption = 0,
-        [System.ObsoleteAttribute("EncryptionPolicy.NoEncryption and AllowEncryption significantly reduce security and should not be used in production code.", DiagnosticId="SYSLIB0040", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
+        [System.ObsoleteAttribute("EncryptionPolicy.NoEncryption and AllowEncryption significantly reduce security and should not be used in production code.", DiagnosticId = "SYSLIB0040", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         AllowNoEncryption = 1,
-        [System.ObsoleteAttribute("EncryptionPolicy.NoEncryption and AllowEncryption significantly reduce security and should not be used in production code.", DiagnosticId="SYSLIB0040", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
+        [System.ObsoleteAttribute("EncryptionPolicy.NoEncryption and AllowEncryption significantly reduce security and should not be used in production code.", DiagnosticId = "SYSLIB0040", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         NoEncryption = 2,
     }
     public delegate System.Security.Cryptography.X509Certificates.X509Certificate LocalCertificateSelectionCallback(object sender, string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection localCertificates, System.Security.Cryptography.X509Certificates.X509Certificate? remoteCertificate, string[] acceptableIssuers);
@@ -102,8 +102,8 @@ public enum NegotiateAuthenticationStatusCode
     }
     public partial class NegotiateStream : System.Net.Security.AuthenticatedStream
     {
-        public NegotiateStream(System.IO.Stream innerStream) : base (default(System.IO.Stream), default(bool)) { }
-        public NegotiateStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen) : base (default(System.IO.Stream), default(bool)) { }
+        public NegotiateStream(System.IO.Stream innerStream) : base(default(System.IO.Stream), default(bool)) { }
+        public NegotiateStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen) : base(default(System.IO.Stream), default(bool)) { }
         public override bool CanRead { get { throw null; } }
         public override bool CanSeek { get { throw null; } }
         public override bool CanTimeout { get { throw null; } }
@@ -241,26 +241,32 @@ public SslServerAuthenticationOptions() { }
     }
     public partial class SslStream : System.Net.Security.AuthenticatedStream
     {
-        public SslStream(System.IO.Stream innerStream) : base (default(System.IO.Stream), default(bool)) { }
-        public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen) : base (default(System.IO.Stream), default(bool)) { }
-        public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback? userCertificateValidationCallback) : base (default(System.IO.Stream), default(bool)) { }
-        public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback? userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback? userCertificateSelectionCallback) : base (default(System.IO.Stream), default(bool)) { }
-        public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback? userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback? userCertificateSelectionCallback, System.Net.Security.EncryptionPolicy encryptionPolicy) : base (default(System.IO.Stream), default(bool)) { }
+        public SslStream(System.IO.Stream innerStream) : base(default(System.IO.Stream), default(bool)) { }
+        public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen) : base(default(System.IO.Stream), default(bool)) { }
+        public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback? userCertificateValidationCallback) : base(default(System.IO.Stream), default(bool)) { }
+        public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback? userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback? userCertificateSelectionCallback) : base(default(System.IO.Stream), default(bool)) { }
+        public SslStream(System.IO.Stream innerStream, bool leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback? userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback? userCertificateSelectionCallback, System.Net.Security.EncryptionPolicy encryptionPolicy) : base(default(System.IO.Stream), default(bool)) { }
         public override bool CanRead { get { throw null; } }
         public override bool CanSeek { get { throw null; } }
         public override bool CanTimeout { get { throw null; } }
         public override bool CanWrite { get { throw null; } }
         public virtual bool CheckCertRevocationStatus { get { throw null; } }
+        [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         public virtual System.Security.Authentication.CipherAlgorithmType CipherAlgorithm { get { throw null; } }
+        [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         public virtual int CipherStrength { get { throw null; } }
+        [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         public virtual System.Security.Authentication.HashAlgorithmType HashAlgorithm { get { throw null; } }
+        [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         public virtual int HashStrength { get { throw null; } }
         public override bool IsAuthenticated { get { throw null; } }
         public override bool IsEncrypted { get { throw null; } }
         public override bool IsMutuallyAuthenticated { get { throw null; } }
         public override bool IsServer { get { throw null; } }
         public override bool IsSigned { get { throw null; } }
+        [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         public virtual System.Security.Authentication.ExchangeAlgorithmType KeyExchangeAlgorithm { get { throw null; } }
+        [Obsolete("KeyExchangeAlgorithm, KeyExchangeStrength, CipherAlgorithm, CipherAlgorithmStrength, HashAlgorithm and HashStrength properties of SslStream are obsolete. Use NegotiatedCipherSuite instead.", DiagnosticId = "SYSLIB0058", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         public virtual int KeyExchangeStrength { get { throw null; } }
         public override long Length { get { throw null; } }
         public virtual System.Security.Cryptography.X509Certificates.X509Certificate? LocalCertificate { get { throw null; } }
@@ -681,7 +687,7 @@ public partial class AuthenticationException : System.SystemException
     {
         public AuthenticationException() { }
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
-        [System.ObsoleteAttribute("This API supports obsolete formatter-based serialization. It should not be called or extended by application code.", DiagnosticId="SYSLIB0051", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
+        [System.ObsoleteAttribute("This API supports obsolete formatter-based serialization. It should not be called or extended by application code.", DiagnosticId = "SYSLIB0051", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         protected AuthenticationException(System.Runtime.Serialization.SerializationInfo serializationInfo, System.Runtime.Serialization.StreamingContext streamingContext) { }
         public AuthenticationException(string? message) { }
         public AuthenticationException(string? message, System.Exception? innerException) { }
@@ -690,7 +696,7 @@ public partial class InvalidCredentialException : System.Security.Authentication
     {
         public InvalidCredentialException() { }
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
-        [System.ObsoleteAttribute("This API supports obsolete formatter-based serialization. It should not be called or extended by application code.", DiagnosticId="SYSLIB0051", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
+        [System.ObsoleteAttribute("This API supports obsolete formatter-based serialization. It should not be called or extended by application code.", DiagnosticId = "SYSLIB0051", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         protected InvalidCredentialException(System.Runtime.Serialization.SerializationInfo serializationInfo, System.Runtime.Serialization.StreamingContext streamingContext) { }
         public InvalidCredentialException(string? message) { }
         public InvalidCredentialException(string? message, System.Exception? innerException) { }
@@ -701,7 +707,7 @@ namespace System.Security.Authentication.ExtendedProtection
     public partial class ExtendedProtectionPolicy : System.Runtime.Serialization.ISerializable
     {
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
-        [System.ObsoleteAttribute("This API supports obsolete formatter-based serialization. It should not be called or extended by application code.", DiagnosticId="SYSLIB0051", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
+        [System.ObsoleteAttribute("This API supports obsolete formatter-based serialization. It should not be called or extended by application code.", DiagnosticId = "SYSLIB0051", UrlFormat = "https://aka.ms/dotnet-warnings/{0}")]
         protected ExtendedProtectionPolicy(System.Runtime.Serialization.SerializationInfo info, System.Runtime.Serialization.StreamingContext context) { }
         public ExtendedProtectionPolicy(System.Security.Authentication.ExtendedProtection.PolicyEnforcement policyEnforcement) { }
         public ExtendedProtectionPolicy(System.Security.Authentication.ExtendedProtection.PolicyEnforcement policyEnforcement, System.Security.Authentication.ExtendedProtection.ChannelBinding customChannelBinding) { }
diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/NetEventSource.Security.cs b/src/libraries/System.Net.Security/src/System/Net/Security/NetEventSource.Security.cs
index b7a78b31e4bf0..5ca0be27a3572 100644
--- a/src/libraries/System.Net.Security/src/System/Net/Security/NetEventSource.Security.cs
+++ b/src/libraries/System.Net.Security/src/System/Net/Security/NetEventSource.Security.cs
@@ -189,6 +189,7 @@ public void UsingCachedCredential(SslStream SslStream) =>
         private void UsingCachedCredential(int sslStreamHash) =>
             WriteEvent(UsingCachedCredentialId, sslStreamHash);
 
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
         [Event(SspiSelectedCipherSuitId, Keywords = Keywords.Default, Level = EventLevel.Informational)]
         public void SspiSelectedCipherSuite(
             string process,
@@ -204,6 +205,7 @@ public void SspiSelectedCipherSuite(
                 process, (int)sslProtocol, (int)cipherAlgorithm, cipherStrength,
                 (int)hashAlgorithm, hashStrength, (int)keyExchangeAlgorithm, keyExchangeStrength);
         }
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
 
         [NonEvent]
         public void RemoteCertificateError(SslStream SslStream, string message) =>
diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslConnectionInfo.Unix.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslConnectionInfo.Unix.cs
index e68fb8e693bfb..baf35867eb598 100644
--- a/src/libraries/System.Net.Security/src/System/Net/Security/SslConnectionInfo.Unix.cs
+++ b/src/libraries/System.Net.Security/src/System/Net/Security/SslConnectionInfo.Unix.cs
@@ -10,6 +10,8 @@
 using System.Diagnostics;
 using System.Security.Authentication;
 
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
+
 namespace System.Net.Security
 {
     internal partial struct SslConnectionInfo
diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslConnectionInfo.Unix.tt b/src/libraries/System.Net.Security/src/System/Net/Security/SslConnectionInfo.Unix.tt
index 6d853177e69c4..44749a7ee9d97 100644
--- a/src/libraries/System.Net.Security/src/System/Net/Security/SslConnectionInfo.Unix.tt
+++ b/src/libraries/System.Net.Security/src/System/Net/Security/SslConnectionInfo.Unix.tt
@@ -13,10 +13,11 @@
 <# Array dataCipherAlgs = typeof(CipherAlgorithmTypeIndex).GetEnumValues(); #>
 <# Array dataHashAlgs = typeof(HashAlgorithmTypeIndex).GetEnumValues(); #>
 
-
 using System.Diagnostics;
 using System.Security.Authentication;
 
+#pragma warning disable SYSLIB0058 // Use NegotiatedTlsCipherSuite.
+
 namespace System.Net.Security
 {
     internal partial struct SslConnectionInfo
diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.IO.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.IO.cs
index faf807ff2603f..eac06538b9211 100644
--- a/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.IO.cs
+++ b/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.IO.cs
@@ -392,6 +392,7 @@ private async Task ForceAuthenticationAsync<TIOAdapter>(bool receiveFirst, byte[
                 _localClientCertificateUsed = -1;
             }
 
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
             if (NetEventSource.Log.IsEnabled())
                 NetEventSource.Log.SspiSelectedCipherSuite(nameof(ForceAuthenticationAsync),
                                                                     SslProtocol,
@@ -401,7 +402,7 @@ private async Task ForceAuthenticationAsync<TIOAdapter>(bool receiveFirst, byte[
                                                                     HashStrength,
                                                                     KeyExchangeAlgorithm,
                                                                     KeyExchangeStrength);
-
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
         }
 
         // This method will make sure we have at least one full TLS frame buffered.
diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.cs
index 4b3893156be3e..5607489e38d55 100644
--- a/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.cs
+++ b/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.cs
@@ -580,6 +580,7 @@ public virtual TlsCipherSuite NegotiatedCipherSuite
             }
         }
 
+        [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public virtual CipherAlgorithmType CipherAlgorithm
         {
             get
@@ -589,6 +590,7 @@ public virtual CipherAlgorithmType CipherAlgorithm
             }
         }
 
+        [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public virtual int CipherStrength
         {
             get
@@ -598,6 +600,7 @@ public virtual int CipherStrength
             }
         }
 
+        [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public virtual HashAlgorithmType HashAlgorithm
         {
             get
@@ -607,6 +610,7 @@ public virtual HashAlgorithmType HashAlgorithm
             }
         }
 
+        [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public virtual int HashStrength
         {
             get
@@ -616,6 +620,7 @@ public virtual int HashStrength
             }
         }
 
+        [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public virtual ExchangeAlgorithmType KeyExchangeAlgorithm
         {
             get
@@ -625,6 +630,7 @@ public virtual ExchangeAlgorithmType KeyExchangeAlgorithm
             }
         }
 
+        [Obsolete(Obsoletions.TlsCipherAlgorithmEnumsMessage, DiagnosticId = Obsoletions.TlsCipherAlgorithmEnumsDiagId, UrlFormat = Obsoletions.SharedUrlFormat)]
         public virtual int KeyExchangeStrength
         {
             get
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/ClientAsyncAuthenticateTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/ClientAsyncAuthenticateTest.cs
index 73c102d51e953..e3f11f7e835cd 100644
--- a/src/libraries/System.Net.Security/tests/FunctionalTests/ClientAsyncAuthenticateTest.cs
+++ b/src/libraries/System.Net.Security/tests/FunctionalTests/ClientAsyncAuthenticateTest.cs
@@ -143,23 +143,27 @@ private async Task ClientAsyncSslHelper(
                 try
                 {
                     Task clientTask = client.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
-                        {
-                            EnabledSslProtocols = clientSslProtocols,
-                            RemoteCertificateValidationCallback = AllowAnyServerCertificate,
-                            TargetHost = serverName });
-                    serverTask = server.AuthenticateAsServerAsync( new SslServerAuthenticationOptions
-                        {
-                            EncryptionPolicy = encryptionPolicy,
-                            EnabledSslProtocols = serverSslProtocols,
-                            ServerCertificate = TestConfiguration.ServerCertificate,
-                            CertificateRevocationCheckMode = X509RevocationMode.NoCheck });
+                    {
+                        EnabledSslProtocols = clientSslProtocols,
+                        RemoteCertificateValidationCallback = AllowAnyServerCertificate,
+                        TargetHost = serverName
+                    });
+                    serverTask = server.AuthenticateAsServerAsync(new SslServerAuthenticationOptions
+                    {
+                        EncryptionPolicy = encryptionPolicy,
+                        EnabledSslProtocols = serverSslProtocols,
+                        ServerCertificate = TestConfiguration.ServerCertificate,
+                        CertificateRevocationCheckMode = X509RevocationMode.NoCheck
+                    });
 
                     await clientTask.WaitAsync(TestConfiguration.PassingTestTimeout);
 
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
                     _log.WriteLine("Client authenticated to server with encryption cipher: {0} {1}-bit strength",
                             client.CipherAlgorithm, client.CipherStrength);
                     Assert.True(client.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL");
                     Assert.True(client.CipherStrength > 0, "Cipher strength should be greater than 0");
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
                 }
                 finally
                 {
@@ -197,7 +201,9 @@ private bool AllowAnyServerCertificateAndVerifyConnectionInfo(
             SslStream stream = (SslStream)sender;
 
             Assert.NotEqual(SslProtocols.None, stream.SslProtocol);
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
             Assert.NotEqual(CipherAlgorithmType.None, stream.CipherAlgorithm);
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
 
             return true;  // allow everything
         }
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/ClientDefaultEncryptionTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/ClientDefaultEncryptionTest.cs
index 6059ec3477184..083aa5c5aad6b 100644
--- a/src/libraries/System.Net.Security/tests/FunctionalTests/ClientDefaultEncryptionTest.cs
+++ b/src/libraries/System.Net.Security/tests/FunctionalTests/ClientDefaultEncryptionTest.cs
@@ -34,10 +34,12 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
                         client.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false),
                         server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate));
 
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
                     _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
-                        clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength) ;
+                        clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength);
                     Assert.True(client.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL");
                     Assert.True(client.CipherStrength > 0, "Cipher strength should be greater than 0");
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
                 }
             }
         }
@@ -56,10 +58,12 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
                         client.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false),
                         server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate));
 
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
                     _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
                         clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength);
                     Assert.True(client.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL");
                     Assert.True(client.CipherStrength > 0, "Cipher strength should be greater than 0");
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
                 }
             }
         }
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerAllowNoEncryptionTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerAllowNoEncryptionTest.cs
index dea9fbe963f9b..f4c47cf0605cb 100644
--- a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerAllowNoEncryptionTest.cs
+++ b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerAllowNoEncryptionTest.cs
@@ -35,10 +35,12 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
                         client.AuthenticateAsClientAsync("localhost", null, SslProtocols.None, false),
                         server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate));
 
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
                     _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
                         clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength);
                     Assert.NotEqual(CipherAlgorithmType.Null, client.CipherAlgorithm);
                     Assert.True(client.CipherStrength > 0);
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
                 }
             }
         }
@@ -59,10 +61,12 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
                         client.AuthenticateAsClientAsync("localhost", null, SslProtocols.None, false),
                         server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate));
 
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
                     _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
                         clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength);
                     Assert.NotEqual(CipherAlgorithmType.Null, client.CipherAlgorithm);
                     Assert.True(client.CipherStrength > 0, "Cipher strength should be greater than 0");
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
                 }
             }
         }
@@ -85,12 +89,15 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
                         client.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false),
                         server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate));
 #pragma warning restore SYSLIB0039
+
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
                     _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
                         clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength);
 
                     CipherAlgorithmType expected = CipherAlgorithmType.Null;
                     Assert.Equal(expected, client.CipherAlgorithm);
                     Assert.Equal(0, client.CipherStrength);
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
                 }
             }
         }
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerAsyncAuthenticateTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerAsyncAuthenticateTest.cs
index 446b87e5e773b..44861f71ee308 100644
--- a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerAsyncAuthenticateTest.cs
+++ b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerAsyncAuthenticateTest.cs
@@ -429,6 +429,7 @@ private async Task ServerAsyncSslHelper(
                 await serverAuthentication.WaitAsync(TestConfiguration.PassingTestTimeout);
                 _logVerbose.WriteLine("ServerAsyncAuthenticateTest.serverAuthentication complete.");
 
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
                 _log.WriteLine(
                     "Server({0}) authenticated with encryption cipher: {1} {2}-bit strength",
                     serverStream.Socket.LocalEndPoint,
@@ -440,6 +441,7 @@ private async Task ServerAsyncSslHelper(
                     "Cipher algorithm should not be NULL");
 
                 Assert.True(sslServerStream.CipherStrength > 0, "Cipher strength should be greater than 0");
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
             }
         }
 
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerNoEncryptionTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerNoEncryptionTest.cs
index c23a38a885425..d93a4e2a999d2 100644
--- a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerNoEncryptionTest.cs
+++ b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerNoEncryptionTest.cs
@@ -70,13 +70,15 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
                         // null encryption is not permitted with Tls13
                         client.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false),
                         server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate));
-#pragma warning restore SYSLIB0039                        
+#pragma warning restore SYSLIB0039
 
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
                     _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
                         serverStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength);
 
                     Assert.Equal(CipherAlgorithmType.Null, client.CipherAlgorithm);
                     Assert.Equal(0, client.CipherStrength);
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
                 }
             }
         }
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerRequireEncryptionTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerRequireEncryptionTest.cs
index 992cafcc581f1..63adbe3e96a49 100644
--- a/src/libraries/System.Net.Security/tests/FunctionalTests/ServerRequireEncryptionTest.cs
+++ b/src/libraries/System.Net.Security/tests/FunctionalTests/ServerRequireEncryptionTest.cs
@@ -34,10 +34,12 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
                         client.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false),
                         server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate));
 
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
                     _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
                         clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength);
                     Assert.True(client.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL");
                     Assert.True(client.CipherStrength > 0, "Cipher strength should be greater than 0");
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
                 }
             }
         }
@@ -58,10 +60,12 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
                         client.AuthenticateAsClientAsync("localhost", null, SslProtocolSupport.DefaultSslProtocols, false),
                         server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate));
 
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
                     _log.WriteLine("Client authenticated to server({0}) with encryption cipher: {1} {2}-bit strength",
                         clientStream.Socket.RemoteEndPoint, client.CipherAlgorithm, client.CipherStrength);
                     Assert.True(client.CipherAlgorithm != CipherAlgorithmType.Null, "Cipher algorithm should not be NULL");
                     Assert.True(client.CipherStrength > 0, "Cipher strength should be greater than 0");
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
                 }
             }
         }
@@ -79,10 +83,10 @@ public async Task ServerRequireEncryption_ClientNoEncryption_NoConnect()
                 using (var server = new SslStream(serverStream))
                 {
                     Task serverTask = server.AuthenticateAsServerAsync(TestConfiguration.ServerCertificate);
-#pragma warning disable SYSLIB0039 // TLS 1.0 and 1.1 are obsolete                    
+#pragma warning disable SYSLIB0039 // TLS 1.0 and 1.1 are obsolete
                     await Assert.ThrowsAsync(TestConfiguration.SupportsHandshakeAlerts ? typeof(AuthenticationException) : typeof(IOException), () =>
                             client.AuthenticateAsClientAsync("localhost", null, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, false));
-#pragma warning restore SYSLIB0039                            
+#pragma warning restore SYSLIB0039
                     try
                     {
                         await serverTask.WaitAsync(TestConfiguration.PassingTestTimeout);
diff --git a/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSystemDefaultsTest.cs b/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSystemDefaultsTest.cs
index 51b28f5b26f60..5bdfa0f5d7ac6 100644
--- a/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSystemDefaultsTest.cs
+++ b/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSystemDefaultsTest.cs
@@ -95,6 +95,7 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
 #pragma warning restore 0618
                 {
                     Assert.True(
+#pragma warning disable SYSLIB0058 // Use NegotiatedCipherSuite.
 #pragma warning disable SYSLIB0039 // TLS 1.0 and 1.1 are obsolete
                         (_clientStream.SslProtocol == SslProtocols.Tls11 && _clientStream.HashAlgorithm == HashAlgorithmType.Sha1) ||
 #pragma warning restore SYSLIB0039
@@ -102,6 +103,7 @@ await TestConfiguration.WhenAllOrAnyFailedWithTimeout(
                         _clientStream.HashAlgorithm == HashAlgorithmType.Sha384 ||
                         _clientStream.HashAlgorithm == HashAlgorithmType.Sha512,
                         _clientStream.SslProtocol + " " + _clientStream.HashAlgorithm);
+#pragma warning restore SYSLIB0058 // Use NegotiatedCipherSuite.
                 }
             }
         }