Search Unity

Questions around TLS support on 2018.1

Discussion in '2018.1 Beta' started by Nabren, Apr 4, 2018.

  1. Nabren

    Nabren

    Joined:
    Mar 7, 2014
    Posts:
    61
    After changing Scripting Runtime Version to "Stable (.NET 4.x Equivalent)" there seems to be some incompatibilities with things that used to work before on the .NET Subset. Some are easy to workaround, but the missing TLS support seems problematic.

    Here is the exception on Mac while building with ".NET Standard 2.0" Api Compatibility Level related to TLS:

    NotSupportedException: Could not find TLS Provider: `Mono.AppleTls.AppleTlsProvider'.
    at Mono.Net.Security.MonoTlsProviderFactory.LookupProvider (System.String name, System.Boolean throwOnError) (at <29f77733112e45758bddddda41557ba4>:0)
    at Mono.Net.Security.MonoTlsProviderFactory.CreateDefaultProviderImpl () (at <29f77733112e45758bddddda41557ba4>:0)
    at Mono.Net.Security.MonoTlsProviderFactory.InitializeInternal () (at <29f77733112e45758bddddda41557ba4>:0)
    at Rethrow as NotSupportedException: TLS Support not available.
    at Mono.Net.Security.MonoTlsProviderFactory.InitializeInternal () (at <29f77733112e45758bddddda41557ba4>:0)
    at Mono.Net.Security.MonoTlsProviderFactory.GetProviderInternal () (at <29f77733112e45758bddddda41557ba4>:0)
    at Mono.Net.Security.MonoTlsProviderFactory.GetProvider () (at <29f77733112e45758bddddda41557ba4>:0)
    at Mono.Net.Security.NoReflectionHelper.GetProvider () (at <29f77733112e45758bddddda41557ba4>:0)
    at Mono.Security.Interface.MonoTlsProviderFactory.GetProvider () (at <7a3029b125ef46239232d401ab7fb89b>:0)
    at System.Net.Security.SslStream.GetProvider () (at <29f77733112e45758bddddda41557ba4>:0)
    at System.Net.Security.SslStream..ctor (System.IO.Stream innerStream, System.Boolean leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback userCertificateSelectionCallback) (at <29f77733112e45758bddddda41557ba4>:0)
    at (wrapper remoting-invoke-with-check) System.Net.Security.SslStream..ctor(System.IO.Stream,bool,System.Net.Security.RemoteCertificateValidationCallback,System.Net.Security.LocalCertificateSelectionCallback)


    After changing the Api Compatibility Level to ".NET 4.x" this goes away on Mac so no big deal there.

    Unfortunately even on Api Compatibility Level ".NET 4.x", it seems to still be missing on Android:

    E/Unity   ( 8934): NotSupportedException: Could not find TLS Provider: `Mono.Net.Security.LegacyTlsProvider'.
    E/Unity ( 8934): at Mono.Net.Security.MonoTlsProviderFactory.LookupProvider (System.String name, System.Boolean throwOnError) [0x00000] in <00000000000000000000000000000000>:0
    E/Unity ( 8934): at Mono.Net.Security.MonoTlsProviderFactory.InitializeInternal () [0x00000] in <00000000000000000000000000000000>:0
    E/Unity ( 8934): at Mono.Net.Security.MonoTlsProviderFactory.GetProviderInternal () [0x00000] in <00000000000000000000000000000000>:0
    E/Unity ( 8934): at Mono.Net.Security.MonoTlsProviderFactory.GetProvider () [0x00000] in <00000000000000000000000000000000>:0
    E/Unity ( 8934): at Mono.Security.Interface.MonoTlsProviderFactory.GetProvider () [0x00000] in <00000000000000000000000000000000>:0
    E/Unity ( 8934): at System.Net.Security.SslStream..ctor (System.IO.Stream innerStream, System.Boolean leaveInnerStreamOpen, System.Net.Security.RemoteCertificateValidationCallback userCertificateValidationCallback, System.Net.Security.LocalCertificateSelectionCallback userCertificateSelectionCallback) [0x00000] in


    Of note the same code on Android, iOS, Mac and Windows has zero issues with TLS under .NET Subset on Unity 5.6. Does anyone know if this is something that is actively being worked on, never going to be added to the upgraded runtime, or something else entirely?
     
    Last edited: Apr 4, 2018
  2. Nabren

    Nabren

    Joined:
    Mar 7, 2014
    Posts:
    61
    Update:

    I have tracked the Android issue down to an IL2CPP problem. If I switch the scripting backend to Mono on Android the exception no longer occurs.

    Working on submitting a bug report but it's also hanging on "Uploading the report" so not sure what's going on.

    EDIT: Finally got the bug report submitted. It looks like it was including the Library folder (800 MB even for an empty project) and Temp/StagingArea which was adding another 1GB to the bug report. Those folders must be big even with very little scripts or assets due to building the project for Android IL2CPP.

    Cleared both those folders before submitting and got it down to 40MB.
     
    Last edited: Apr 4, 2018
  3. andreasreich

    andreasreich

    Unity Technologies

    Joined:
    Sep 24, 2017
    Posts:
    51
    Full TLS1.2 support for all platforms will come in 2018.2 for .Net45
    What we have for all the other versions right now is just what the respective Mono version provides. That means for 2018.1 limited TLS support on desktop platforms for .Net45, just as you described.

    What I can't entirely make sense of yet is:
    • Why did TLS work for you in 5.6 - I actually expected this to fail (differently) always... but sounds like I had an incorrect picture of the previous TLS capabilities
    • Why does Android in 2018.1 work for you with Mono as scripting backend (as opposed to Il2cpp)
    Answer in part to both might be that we're stripping out Mono.Net.Security.LegacyTlsProvider with Il2cpp, which provides enough TLS functionality to get your code going. I'll ask around and investigate!
     
  4. Nabren

    Nabren

    Joined:
    Mar 7, 2014
    Posts:
    61
    I still get an error logged to adb logcat during the SslStream constructor under Mono in 2018.1:

    E/Unity (23382): Unable to find libc

    But no exception and it definitely reads and writes data using the SslStream but eventually the app just crashes when running under Mono with a bunch of really random things in logcat, nothing I can pin it to yet.

    However, if the SslStream wasn't working the data wouldn't even be getting decrypted properly and the messages are definitely making it through intact.

    EDIT: Looks like the crashes are just higher memory usage under 2018.1 vs 5.6, so will have to dig into what's using more memory. Grabbed a higher end device and it works just fine.
     
    Last edited: Apr 4, 2018
  5. JoshPeterson

    JoshPeterson

    Unity Technologies

    Joined:
    Jul 21, 2014
    Posts:
    4,238
    This is an unfortunate message that comes from Mono. It doesn't necessarily indicate a problem, as many code paths which try to use something from libc (which is not available on Android), can fall back to a different solution. Unless this is followed by another error, this message is safe to ignore.
     
  6. Nabren

    Nabren

    Joined:
    Mar 7, 2014
    Posts:
    61
    Adding the following to link.xml allows SslStream to work on Android IL2CPP as well under 4.x on 2018.1:

    <assembly fullname="System">
    <type fullname="Mono.Net.Security.LegacyTlsProvider" preserve="all" />
    </assembly>


    I couldn't figure out which assembly Mono.Net.Security was in and then just tried System on a whim since it is the DLL that has System.Net.Security and it worked!
     
    Last edited: Apr 5, 2018
    for3eye and Claytonious like this.
unityunity