Are there threading issues here? bool? is two bool fields (one for null or not, one for the value) and they're not necessarily updated or read atomically. If someone was reading IsLocalClientCertificateUsed while this was being reset, might they end up reading an incorrect value, e.g. if this flipped the value from true to false before flipping the null state?

The value can go only from false to true, and that happens only during renegotiation/post-handshake authentication, which is usually at most once per connection.

The only thing I can think of is

• thread 1 writes HasValue = false (part of the null assignment)
• thread 2 accesses IsLocalClientCertificateUsed, assigning HasValue = true, Value = true
• thread 1 writes Value = false (if that is how null assignment work)

Actual calculation of the new value is expensive (which is why I wanted to cache it) so this ordering is not likely, but still possible in theory.

If you still see any concerns than I think we can either move to something like Lazy (at the cost of small allocation) or fetching the new value here (potential small perf hit on (windows) client in mutual auth scenario).

I'd just change the storage to something written atomically, e.g. use an int that's 0 for uninitialized, 1 for true, -1 for false.