Search Unity

  1. Unity 6 Preview is now available. To find out what's new, have a look at our Unity 6 Preview blog post.
    Dismiss Notice
  2. Unity is excited to announce that we will be collaborating with TheXPlace for a summer game jam from June 13 - June 19. Learn more.
    Dismiss Notice

Question PlayFab warning about tls 1.0 usage. How do I force tls version?

Discussion in 'Web' started by DOCSKI_GAMES, Sep 12, 2023.

  1. DOCSKI_GAMES

    DOCSKI_GAMES

    Joined:
    Apr 13, 2012
    Posts:
    139
    Hello,

    PlayFab recently sent me a warning stating that some of the traffic from my WebGL game is using TLSv1.0 and that they're about to discontinue TLSv1.0 support.

    What I dont understand is, whenever I log the traffic of my webgl using chrome tools, it states I am communicating via TLSv1.2.

    Taking the steps of this unity document into account:
    I checked my webserver using a TLS checker and it returns that TLSv1.2 is supported.

    I also have a windows client for the game and when I log the traffic via WireShark, I see nothing regarding TLSv1.0

    So my question is, what scenario could I be overlooking? Could it be a chase where some of my WebGL clients just happen to be on older browsers?

    Is there any test case it seems that I am missing?
     

    Attached Files:

    • tls.jpg
      tls.jpg
      File size:
      102.4 KB
      Views:
      37
    • tls.jpg
      tls.jpg
      File size:
      102.4 KB
      Views:
      37
  2. jukka_j

    jukka_j

    Unity Technologies

    Joined:
    May 4, 2018
    Posts:
    953
    This reads to me a likely explanation. TLS 1.2 was introduced in August 2008, so it should be widely supported anywhere. The client browser and the web server will negotiate TLS encryption settings, so this should be all automatic.

    There is nothing that you as a WebGL platform game developer would be able to address, unless you are configuring your web server on your own; which sounds to me that PlayFab is doing for you?

    Is PlayFab able to give you network traffic statistics of how much of the total bandwidth TLS < 1.2 constitutes?
     
  3. DOCSKI_GAMES

    DOCSKI_GAMES

    Joined:
    Apr 13, 2012
    Posts:
    139
    Thank you so much for taking the time, I truly appreciate it.

    To clarify, PlayFab is a BaaS tool which I use for user accounts and the client itself is hosted via nfoservers so do you mean the web server being communicated with(PlayFab) is what plays a role in the TLS settings or the web server the WebGL client is running on? (Seeing as the client game files are hosted on a webserver too)

    My assumption is that the client browser and server being communicated with is all that matters, but just trying to clarify.

    I will pass the question you posed to them as it was their suggestion to ask here.
     
  4. DOCSKI_GAMES

    DOCSKI_GAMES

    Joined:
    Apr 13, 2012
    Posts:
    139
    What about a game running on Windows and communicating with PlayFab. Could it be possible that the windows version is using TLSv1? (Even though based on the docs, it supports v1.2?)
    Is using TLSv1.2 something I have to enable?

    They state that about 0.5% of requests are TLSv1 which leads me with 2 possibilities:
    1. A tiny percentage of users using outdated browsers
    2. My windows game servers (Since there are significantly less game servers than players)
     
  5. jukka_j

    jukka_j

    Unity Technologies

    Joined:
    May 4, 2018
    Posts:
    953
    I am afraid my knowledge ends beyond the web platform. Not quite sure if there might be a Windows game server component that would be using older TLS. Might be a shot to guide the question towards Windows sides of the forums to be sure.

    On Web platform at least Unity does not govern any own implementations of TLS, it is all browser managed, so I know it would not be anything in Unity's Web platform builds at least that could be doing this.
     
  6. jukka_j

    jukka_j

    Unity Technologies

    Joined:
    May 4, 2018
    Posts:
    953
    I pinged internally about this, and the reply I got back was

    "Assuming any TLS-enabled component in the server uses UnityTLS under the hood to establish the session, clients should always offer support for TLS 1.2, unless explicitly told to do otherwise through authentication options."

    If that applies to you, then may be worth double checking the option.