
"Failed to read data to TLS context - error code: UNITYTLS_INTERNAL_ERROR" in company network

Discussion in 'Editor & General Support' started by Manuel_Prinz, Feb 5, 2020.

  1. Manuel_Prinz

    Hi,

    I'm working for a big company with a very strong firewall. In particular, the firewall decodes all encoded traffic, analyzes it and sends it re-encoded. Windows trusts the certificate of the "encryption-breaker", so all webpages work fine in all web browsers and other C# projects.
    However, in Unity, even in an empty project, when I send an HTTP request like this:
    Code (CSharp):
    // Requires: using System; using System.IO; using System.Net; using UnityEngine;
    string html = string.Empty;
    string url = @"Any URL";

    // Send the request through the company proxy explicitly.
    WebProxy proxy = new WebProxy
    {
        Address = new Uri($"URL of my company Proxy"),
    };

    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
    request.AutomaticDecompression = DecompressionMethods.GZip;
    request.Proxy = proxy;
    request.UseDefaultCredentials = true;

    // Read the whole response body as text.
    using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
    using (Stream stream = response.GetResponseStream())
    using (StreamReader reader = new StreamReader(stream))
    {
        html = reader.ReadToEnd();
    }
    Debug.Log(html);
    I get a "TlsException: Failed to read data to TLS context - error code: UNITYTLS_INTERNAL_ERROR".

    Full stack trace:
    https://pastebin.com/RvPx13T9

    This might be hard for you to reproduce because of our custom firewall, but here is as much additional info as I know:
    • Occurs on all Unity versions I tested it with (2019.2.0f1, 2019.3.0f6)
    • Same URL always works on any browser but always fails in Unity
    • Occurs in empty projects
    • Works in other C# projects with exactly the same code
    • Works outside of the company network with almost the same code (without setting the proxy)
    • Occurs with all libraries I tried for HTTP requests, like HttpWebRequest, UnityWebRequest, WebRequest and HttpClient
    • Adding a ServerCertificateValidationCallback that accepts all certificates does not resolve the issue

    In a different thread @Tautvydas-Zilys wrote: "Correct. Unity will do what Internet Explorer does under the hood when you visit the website."
    There has to be a difference because in Internet Explorer it works fine.

    I did not find anyone else on the internet getting this error message, and the only search result was the GitHub with the Mono code.
    Does anyone have an idea how I can get HTTP requests to work?

    Edit: The resulting application will be supplied to hundreds or thousands of clients inside our network, so just ignoring the issue or developing in a different network is not an option.
     
  2. Aurimas-Cernius

    Unity Technologies
    Looks bad.
    Could you report a bug for this and paste a case number here?
     
  3. Manuel_Prinz

    Case 1217164
     
  4. Aurimas-Cernius

    Unity Technologies
    Thanks, we'll look into it.
     
  5. andreasreich

    Unity Technologies
    @Manuel_Prinz would it be possible for you to have a quick check with a Unity 2020 (alpha) version within your network to see if it still happens there? We changed the way certificates are verified on Windows to be actually more like Edge/Internet Explorer. It does look like it will be backported to 2019.3, but it would be nice to confirm if this is the same issue or something else. Thank you!
     
  6. Manuel_Prinz

    Last edited: Feb 5, 2020
  7. Manuel_Prinz

    This is still a big issue for us. @andreasreich Do you think there is a workaround to bypass the Unity TLS code and use the default C# one or something similar? I assume there won't be a fix in a future Unity version soon, but we have to make this work.
    One possibility would be to pipe the traffic through a native C# app. However, it is extremely ugly and might even be a security risk.
    Do you have any other ideas?
     
  8. andreasreich

    Unity Technologies
    @manuel-prinz sorry that there has been no update for so long. We couldn't repro the issue so far. I'll work on a tracing option for our TLS backend so we can get more information for this and in the future.
    Another thing I just thought of that you could try, to gather more information meanwhile, is to do web requests with Windows 10's preinstalled curl from the command line, i.e. run curl <your webrequest url> and see how it responds.
    As for workarounds, I sadly don't have any good ideas right now.
    Have you tried UnityWebRequest on the Unity alpha version that gave you a different error? It means that your use case is definitely affected by this fix (which I think is a good thing of sorts. That particular fix was already backported to previous Unity releases).
     
  9. Manuel_Prinz

    @andreasreich I tested curl and it worked fine getting and showing the response.

    However, I tested many things again today and noticed that, at least today, it only worked outside of Unity when I didn't set the proxy in the HttpWebRequest. If I set the proxy I get a similar result to the one in Unity.
    https://pastebin.com/50kMk00W
    It seems that this is not a problem with Unity after all. Outside of Unity it works without setting the proxy, which surprises me because in a Microsoft API that also works with HTTP requests internally I had to set it.

    Despite all of this, my problem is still not fixed, because in Unity without setting the proxy I get a timeout on all websites (even non-HTTPS ones). https://pastebin.com/YHGDX4i2
    After looking into this with Wireshark I noticed quite a difference in the network packages between Unity and non-Unity:
    In non-Unity I clearly see the HTTP GET request in the packages.
    In Unity I only see the DNS lookups on some Unity server.

    I have not a single HTTP request in Wireshark for the whole ~24 seconds until the timeout.

    curl works on the website, non-Unity C# works without proxy with the website, but Unity C# times out without proxy on the same website.
    Could this be a firewall issue? I did not change any settings, neither for the Unity nor the non-Unity project.
     
    Last edited: Feb 26, 2020
  10. Manuel_Prinz

    Instead of the HTTP package I see when I send an HTTP request via non-Unity C#, I just noticed a TCP package to the desired server when sending it in a Unity project. The server never responds with any package. Is the TCP package instead of HTTP intended behaviour? I expected an HTTP package to show up in Wireshark whether I send an HTTP request in a Unity project or in a C# project.
     
  11. andreasreich

    Unity Technologies
    > Is the TCP package instead of HTTP intended behaviour?

    Not too familiar with that area but I'd say it's more an issue with how Wireshark displays it since HTTP is based on TCP packages. Maybe @AurimasC can give more guidance (he's on vacation right now).
    Worth noting that HTTP requests in Unity go different paths depending on the API and platform. For Windows, doing HTTP via UnityWebRequest, we go through a bundled curl. If you use any of the .NET APIs, we go through Mono's implementation. The one thing we streamlined across is the TLS backend, which is shared for all of these (which is MbedTLS-based in your case).
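
A diagnostic for the setup discussed in this thread, added here as an example and not code from any of the posters or from Unity: it prints the proxy the system settings select for a URL and every certificate in the chain the client was shown, so the Issuer fields reveal whether a TLS-inspecting firewall re-signed the connection. The class name and the default URL are assumptions; the callback keeps the platform's validation verdict instead of accepting every certificate.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
// Added diagnostic, not code from the thread. In Unity, swap Console.WriteLine for Debug.Log.
static class TlsChainProbe
{
    // Log each certificate the client was shown, then keep the platform's verdict;
    // returning true unconditionally would switch certificate validation off.
    static bool LogChain(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("Policy errors: " + errors);
        if (chain != null)
            foreach (X509ChainElement element in chain.ChainElements)
            {
                Console.WriteLine("  Subject: " + element.Certificate.Subject);
                Console.WriteLine("  Issuer:  " + element.Certificate.Issuer);
                foreach (X509ChainStatus status in element.ChainElementStatus)
                    Console.WriteLine("    " + status.Status + ": " + status.StatusInformation);
            }
        return errors == SslPolicyErrors.None;
    }

    static void Main(string[] args)
    {
        // Assumed placeholder target; pass the failing URL as the first argument.
        Uri target = new Uri(args.Length > 0 ? args[0] : "https://example.com/");
        // Which proxy do the operating-system settings select for this URL?
        IWebProxy proxy = WebRequest.GetSystemWebProxy();
        proxy.Credentials = CredentialCache.DefaultCredentials; // current Windows user
        Console.WriteLine(proxy.IsBypassed(target)
            ? "Proxy: none (direct connection)"
            : "Proxy: " + proxy.GetProxy(target));

        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(target);
        request.Proxy = proxy;
        request.Timeout = 15000; // milliseconds
        request.ServerCertificateValidationCallback = LogChain;
        try
        {
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
                Console.WriteLine("HTTP " + (int)response.StatusCode);
        }
        catch (WebException e)
        {
            Console.WriteLine("Request failed: " + e.Status + " - " + e.Message);
        }
    }
}
```

Running the same program in a plain .NET project and inside Unity gives a side-by-side view of where the two stacks diverge. If the callback never fires, the connection failed before certificate validation reached it.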