
How to secure (encrypt) tcp client server connection?

Discussion in 'Scripting' started by KubekSzklany, May 14, 2020.

  1. KubekSzklany

    I already have a TCP client (Unity) and server (C# console app), and I want to replace the stream with SslStream to encrypt the connection. How do I do that?
     
  2. Joe-Censored

  3. KubekSzklany

    Yes, I already tried this, but it is not working for me. I tried a lot and I have probably 4 different errors: one on the server about "no private key password", another on the client in Unity, something like this: "Unitytls x509verify flag not trusted". I also tried making the client in a C# console app, and it works probably the best, but it also has an error on the client: "The remote certificate is invalid according to the validation procedure", but only the console client gives sslstreaminfo on the server.
     
  4. Joe-Censored

    The errors you are receiving sound like you are not using a certificate from a trusted authority and the authentication is working as designed (certificate fails authentication = cancel connection). If you're using a self-signed certificate you probably need to manually install the certificate into the client computer's operating system. I think that is done through certmgr in Windows, but I haven't done that in years, so I'm not sure.
     
  5. KubekSzklany

    Yeah, I use a self-signed certificate, but how do I add it to the Unity client? And another question: which files (cert.cer, cert.pem, cert.pfx, cert.pvk) can be shared with the client without risk of the certificate being broken? I don't know much about certificates.
     
  6. PraetorBlue

    When you get to production, you won't want to be sharing any certificate files with the client. You'll want to get a certificate signed by a well-known trusted certificate authority which is already preconfigured in all modern operating systems. Whoever you got your domain name from likely also offers SSL certificate services. You could start there, or just google "cheap certificate authorities".
     
  7. Joe-Censored

    This ^^^

    But as far as adding your self-signed cert for testing purposes, the steps differ by OS. This isn't actually related to Unity at all. Google for adding a self-signed certificate for your client's OS and version and go from there. You'll probably find a video, tutorial, or some post on some other forum explaining the process.

    You'll need to purchase a certificate from a trusted authority for your domain name where you will be hosting your server once you're ready to start getting customers using your game.
     
  8. KubekSzklany

    Can I use Let's Encrypt? It is not self-signed, right? But Let's Encrypt only generates cert.pem, chain.pem, fullchain.pem, privkey.pem, and I cannot use these files with an X509Certificate variable. I use Let's Encrypt to generate certs for my apache2 server and it shows me: Issued to: <MyDomain>, Issued By: Let's Encrypt Authority X3, so I guess it is not self-signed. So how do I use it with Unity?
     
    Last edited: May 15, 2020
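
The validation failure discussed in this thread can be handled during testing by pinning the self-signed certificate on the client, which keeps validation switched on. This is an added example, not code from any poster in the thread. The class and method names and the placeholder fingerprint are hypothetical, and it assumes the client runtime invokes the `RemoteCertificateValidationCallback`.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedTls // hypothetical helper class, not part of any library
{
    // Placeholder (assumption): hex SHA-256 of your own cert.cer in DER form, no separators.
    const string PinnedSha256 = "<SHA256-OF-YOUR-CERT.CER>";

    // Server: the .pfx bundles the certificate with its private key and never leaves the server.
    // The .pvk is the private key itself; only the .cer (public certificate) is safe to hand out.
    public static SslStream AcceptTls(TcpClient tcp, string pfxPath, string pfxPassword)
    {
        var serverCert = new X509Certificate2(pfxPath, pfxPassword);
        var ssl = new SslStream(tcp.GetStream(), false);
        ssl.AuthenticateAsServer(serverCert, false, SslProtocols.Tls12, false);
        return ssl;
    }

    // Client: ships only the fingerprint, which is public information.
    public static SslStream ConnectTls(string host, int port)
    {
        var tcp = new TcpClient(host, port);
        var ssl = new SslStream(tcp.GetStream(), false, ValidateServer);
        ssl.AuthenticateAsClient(host, new X509CertificateCollection(), SslProtocols.Tls12, false);
        return ssl;
    }

    static bool ValidateServer(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true; // chain and name verified, e.g. a CA-issued cert
        if (cert == null) return false;
        // Untrusted (self-signed) cert: accept only if it is exactly the pinned certificate.
        using (var sha = SHA256.Create())
        {
            string actual = BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
            return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

A callback that simply returns `true` would also silence the error, but it accepts any certificate an interceptor presents; the fingerprint comparison is what keeps the connection authenticated.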