Unity 2017.1 - TLS 1.2 still not working with .NET 4.6

Discussion in 'Experimental Scripting Previews' started by Zocker1996, Aug 9, 2017.

  1. Zocker1996

    Zocker1996

    Joined:
    Jan 12, 2015
    Posts:
    20
    Using the following code with Scripting Runtime Version .NET 4.6

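    Code (CSharp):
    using System.Net.Security;
    using System.Net.Sockets;
    using UnityEngine;

    public class TlsTest : MonoBehaviour {
        void Start() {
            // Open a plain TCP connection to the local test server.
            TcpClient client = new TcpClient();
            client.Connect("localhost", 56782);
            // Wrap the socket in TLS. This was line 8 of the posted file,
            // the line the compiler errors below point at.
            SslStream ssl = new SslStream(client.GetStream());
            // Handshake with the default protocol set; "localhost" is the expected certificate name.
            ssl.AuthenticateAsClient("localhost");
        }
    }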
    gives me this error:
    Code (CSharp):
    Assets/Main.cs(8,19): error CS0012: The type `Mono.Security.Interface.IMonoSslStream' is defined in an assembly that is not referenced. Consider adding a reference to assembly `Mono.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756'

    Using the code with .NET 3.5 is fine BUT .NET 3.5 is missing TLS 1.2 (4.6 should have it).
    Since I need TLS 1.2 using .NET 3.5 isn't a solution.

    I searched for the needed DLL, found it here (https://github.com/danzel/Npgsql/blob/master/lib/Mono.Security/4.0/Mono.Security.dll) and added a reference.
    This gives me this error:
    Code (CSharp):
    Assets/Main.cs(8,19): error CS7069: Reference to type `Mono.Security.Interface.IMonoSslStream' claims it is defined assembly `Mono.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756', but it could not be found
     
  2. JoshPeterson

    JoshPeterson

    Unity Technologies

    Joined:
    Jul 21, 2014
    Posts:
    3,273
    Actually when we build Mono for Unity we don't include TLS 1.2 support, as how it is supported and implemented varies across platforms. We're currently working on a common backend which will support TLS 1.2, but it is not ready yet.

    So the new Mono runtime has the same TLS support as the old Mono runtime - which is to say - not much. We're working to improve that.
     
    Ethan_VisualVocal and BlackPete like this.
  3. Zocker1996

    Zocker1996

    Joined:
    Jan 12, 2015
    Posts:
    20
    Thanks for the answer!
    For my next iOS and Android project TLS 1.2 will be mandatory.
    Do you think you are able to implement it by the end of the year?
    If not, I'm going to use the platforms' native SSL engines and build a workaround, but an out-of-the-box Unity solution would be much cooler :)
     
  4. JoshPeterson

    JoshPeterson

    Unity Technologies

    Joined:
    Jul 21, 2014
    Posts:
    3,273
    I don't have a timetable, so I think that you should stick to the platform native SSL engines for the time being to be safe.
     
  5. Tazadar66

    Tazadar66

    Joined:
    Aug 27, 2013
    Posts:
    31
    Hello, is it still the case for the 2017.2 version?
     
  6. JoshPeterson

    JoshPeterson

    Unity Technologies

    Joined:
    Jul 21, 2014
    Posts:
    3,273
    Yes, we have not completed TLS support for Unity 2017.2. Using platform native SSL libraries is still the best option.
     
  7. Tazadar66

    Tazadar66

    Joined:
    Aug 27, 2013
    Posts:
    31
    Thanks for the answer!

    Still no ETA I suppose?

    I will just make a PC version for now then....
     
  8. JoshPeterson

    JoshPeterson

    Unity Technologies

    Joined:
    Jul 21, 2014
    Posts:
    3,273
    Yes, no ETA unfortunately yet.
     
  9. enne30

    enne30

    Joined:
    Feb 1, 2017
    Posts:
    3
    Hi,

    any news regarding this issue?

    Thank you.
     
  10. JoshPeterson

    JoshPeterson

    Unity Technologies

    Joined:
    Jul 21, 2014
    Posts:
    3,273
    We don't have any news yet. We're hoping to get TLS 1.2 support in 2018.1 before the end of the beta period, but it is not ready yet.
     
    Seraphic572 and enne30 like this.
  11. Bhearus

    Bhearus

    Joined:
    Aug 17, 2013
    Posts:
    25
    Thank you for this update, I have been looking forward to TLS 1.2 support for years. Will that support allow for System.Net.Protocol to be used instead of mono or will it be a custom build from Unity that allows TLS 1.2 encryption over sockets to be possible on iOS? Most of my back-end server uses custom asynchronous socket management, but the TLS limitations prevent me from using TLS 1.2.

    I prefer direct socket management as I have full control of who and what is connecting to my server, allowing me to isolate sensitive data and protect it better. Thus, I don't use web-based HTTPS calls unless I have to. For example, I know UnityWebRequest handles TLS 1.2 just fine, but I don't use HTTPS calls, which build and tear down the socket; I maintain a socket connection with the Socket class.

    I would be open to moving to TPL if it supported TLS12 on all of the platforms, but I would like to maintain that socket level control.
     
  12. andreasreich

    andreasreich

    Unity Technologies

    Joined:
    Sep 24, 2017
    Posts:
    17
    We will have TLS1.2 on all platforms in 2018.2 via UnityWebRequest, SSLStream and other higher level .Net45 classes like HttpClient.
    As far as I know, UnityWebRequest does not support TLS on all platforms currently.

    I'm not sure though what you mean by System.Net.Protocol. Also, I don't know what TPL is in this context, can you give a few more details maybe? Thanks! :)
     
  13. Bhearus

    Bhearus

    Joined:
    Aug 17, 2013
    Posts:
    25
    UnityWebRequest is more focused on website, webserver based HTTP requests. The Socket Class is using Mono for the TLS security, it's outdated, that's what needs to be updated. The System.Net.Protocol is just related, it's where the enum is for Tls12.

    TPL is just the Task Parallel Library, it's another way to implement an asynchronous socket server, though I don't know a lot about it, I believe it wraps around the Socket class at a higher level. I would hope Unity has discussed in detail how to get the Socket class up to speed by now as I have brought this up for years....
     
  14. andreasreich

    andreasreich

    Unity Technologies

    Joined:
    Sep 24, 2017
    Posts:
    17
    If you're talking about System.Net.Sockets.Socket, it is not using any SSL/TLS at all. After all, it is just a socket. As such it is not aware of any higher level protocols and operates solely on UDP/TCP. You can of course use Socket with SSLStream though.

    What is it that you are missing with the Socket? I'm fairly new here, so I think I missed any concerns about it.
     
  15. Bhearus

    Bhearus

    Joined:
    Aug 17, 2013
    Posts:
    25
  16. andreasreich

    andreasreich

    Unity Technologies

    Joined:
    Sep 24, 2017
    Posts:
    17
    That one will be fixed in 2018.2, code for this is on the way to our main development line but sadly won't make it to 2018.1
     
    enne30 and Bhearus like this.
  17. Bhearus

    Bhearus

    Joined:
    Aug 17, 2013
    Posts:
    25
    Ok, well I am just glad it's on the radar.
     
  18. Bhearus

    Bhearus

    Joined:
    Aug 17, 2013
    Posts:
    25
  19. andreasreich

    andreasreich

    Unity Technologies

    Joined:
    Sep 24, 2017
    Posts:
    17
    @Bhearus: I replied on your issue via fogbugz, but here again for everyone to read:
    Your specific error is caused by accessing one of the SslStream properties that are on Mono's "internal todo" list. That means we are not getting them in our backend at all yet. We could go ahead and implement them ourselves, but that would mean conflicts in the near future, thus making it harder for us to keep things up to date.
    So I'm sorry to say that we won't fix this for 2018.2
    Affected are:
    • CipherStrength
    • HashStrength
    • KeyExchangeStrength
    • CheckCertRevocationStatus
    See:
    https://github.com/mono/mono/blob/m...et.Security/MobileAuthenticatedStream.cs#L879
    (or respectively our fork https://github.com/Unity-Technologi...et.Security/MobileAuthenticatedStream.cs#L879)
     
    Bhearus likes this.
  20. Bhearus

    Bhearus

    Joined:
    Aug 17, 2013
    Posts:
    25
    I'm fine with a work around for now, because until I can do this, I can't move to 2018.1. I don't mind correcting it once the fix is in.
     
  21. Bhearus

    Bhearus

    Joined:
    Aug 17, 2013
    Posts:
    25
    I wanted to add, I really appreciate your responses. The communication is great. I know I have been pushing this issue for a while now and I am a bit of a pain about it. I am one of those developers who believes Unity can do MUCH more than make video games, and have demonstrated as much in the past few years. One of the key portions of that expanded development involves protecting sensitive data through TLS encryption. HIPAA compliance, PCI, PA-DSS all require the TLS v1.2 for both financial and medical industries, as well as others.

    Thank you again for the communication!
     
    andreasreich likes this.
  22. andreasreich

    andreasreich

    Unity Technologies

    Joined:
    Sep 24, 2017
    Posts:
    17
    Thank you, really nice to hear that :)

    Just to clarify, all the new TLS bits and pieces are about 2018.2! There is nothing we did in 2018.1 except maybe "accidentally" by upgrading Mono. No guarantees on anything TLS in 2018.1


    As for workarounds: The project you attached to the bugticket (which looked oddly familiar to me ;)) works fine for me in 2018.2 once you comment out all the lines where it logs the properties I've mentioned. (small disclaimer: Haven't fully tested myself yet since the project looked so familiar and the exception seemed straight-forward to me)
     
    Cromfeli likes this.
  23. Cromfeli

    Cromfeli

    Joined:
    Oct 30, 2014
    Posts:
    170
    Any update on this progress or any issues popping up for limitations or everything good for 2018.2?
     
  24. Bhearus

    Bhearus

    Joined:
    Aug 17, 2013
    Posts:
    25
    I don’t think it will work until 2018.3. Eagerly waiting for the beta of that version. Until then I’m stuck in 2017 and don’t have the interest to rebuild mono to comment out lines.
     
    Last edited: Jun 19, 2018
  25. Bhearus

    Bhearus

    Joined:
    Aug 17, 2013
    Posts:
    25
    Well it works with 2018.2b10, in the QA test I sent in, but not in my project. So bizarre.
     
  26. Bhearus

    Bhearus

    Joined:
    Aug 17, 2013
    Posts:
    25
    I got it, it works. yay! Will do a wireshark test later, but the protocols are set to Tls12 so that's good!
     
  27. Glader

    Glader

    Joined:
    Aug 19, 2013
    Posts:
    313
    Does that mean the public 2018.2.0b10 has working TLS support for Mono/net4.x/netstandard2.0? Can we expect this support to make it to the release candidates or final releases?

    edit: I ended up with TlsException: Handshake failed - error code: UNITYTLS_INTERNAL_ERROR, verify result: UNITYTLS_X509VERIFY_FATAL_ERROR

    edit2: That was with SecurityProtocolType.Tls. Switching to SecurityProtocolType.Tls12 and finally things work.
     
    Last edited: Jul 2, 2018
  28. Bhearus

    Bhearus

    Joined:
    Aug 17, 2013
    Posts:
    25
    Yes, I was able to get it working. I had to reevaluate how I was exporting my certificates but after that my servers and clients started talking perfectly.

    I don’t know about the release question though. I assume it will, but I am not 100%.
     
  29. andreasreich

    andreasreich

    Unity Technologies

    Joined:
    Sep 24, 2017
    Posts:
    17
    Yep, everything TLS1.2 will land in the 2018.2 release. Also, all bug fixes for TLS things that were reported during the beta phase are making it to the final version :)
     
    Last edited: Jul 7, 2018
  30. andreasreich

    andreasreich

    Unity Technologies

    Joined:
    Sep 24, 2017
    Posts:
    17
    Yeah, it's a .Net thing, the default everywhere is SecurityProtocolType.Tls
    A bit sad though that we give out such a poor error message, I'll make a note to check if that can be fixed with reasonable effort.
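
The fix reported above (requesting TLS 1.2 explicitly instead of relying on the default), applied to the SslStream client from the first post. This is an added example, not code from any poster or from Unity; it assumes a runtime where SslStream supports TLS 1.2 (Unity 2018.2 or later according to this thread), uses `SslProtocols.Tls12` as the SslStream-level counterpart of `SecurityProtocolType.Tls12`, and the `Tls12Client` name is hypothetical.

```csharp
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

// Hypothetical helper (name and shape are assumptions, not Unity API).
public static class Tls12Client
{
    // Connects to host:port and completes a handshake restricted to TLS 1.2.
    // Throws if the server cannot negotiate TLS 1.2 or its certificate fails
    // the runtime's default chain and host name validation.
    public static SslStream Connect(string host, int port)
    {
        TcpClient client = new TcpClient();
        try
        {
            client.Connect(host, port);

            // No validation callback is passed, so default certificate checks stay in force.
            // leaveInnerStreamOpen = false: disposing the SslStream also closes the socket stream.
            SslStream ssl = new SslStream(client.GetStream(), false);

            ssl.AuthenticateAsClient(
                host,                // must match a name in the server certificate
                null,                // no client certificates
                SslProtocols.Tls12,  // explicit, instead of the default protocol set
                false);              // revocation check not requested here

            // Verify the negotiated version. Only SslProtocol is read: CipherStrength,
            // HashStrength, KeyExchangeStrength and CheckCertRevocationStatus are the
            // properties the thread lists as not implemented.
            SslProtocols negotiated = ssl.SslProtocol;
            if (negotiated != SslProtocols.Tls12)
            {
                throw new AuthenticationException("Negotiated " + negotiated + ", expected Tls12");
            }
            return ssl;
        }
        catch
        {
            client.Close(); // release the socket on any failure
            throw;
        }
    }
}
```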
     
  31. Bhearus

    Bhearus

    Joined:
    Aug 17, 2013
    Posts:
    25
    Hey, if you get a chance can you check out FogBugz ticket #1057764? It's related to the WriteCallback, InvalidOperationException: invalid nested call. I submitted the bug this morning.
     
  32. andreasreich

    andreasreich

    Unity Technologies

    Joined:
    Sep 24, 2017
    Posts:
    17
    Just for everyone else following this thread: This is an expected error for attempting interleaved asynchronous write calls on SslStream like BeginWrite and no bug in Unity. Using this advice Bhearus was able to fix the issue in his project.
    So everything looks good for TLS in 2018.2 so far :)
     
    Last edited: Jul 14, 2018
    remy_rm, Cromfeli and r618 like this.
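
One way to avoid the interleaved writes described above is to funnel every send through a gate that admits one write at a time. This is an added example, not the fix Bhearus applied and not Unity code; the `SerializedTlsWriter` class is hypothetical and assumes an already authenticated SslStream on the .NET 4.x scripting runtime.

```csharp
using System;
using System.Net.Security;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical wrapper: many callers may send on one SslStream,
// but only one write is ever in flight on the stream.
public sealed class SerializedTlsWriter : IDisposable
{
    private readonly SslStream _ssl;
    private readonly SemaphoreSlim _writeGate = new SemaphoreSlim(1, 1);

    public SerializedTlsWriter(SslStream authenticatedStream)
    {
        if (authenticatedStream == null) throw new ArgumentNullException("authenticatedStream");
        _ssl = authenticatedStream;
    }

    // Queues behind any write already in progress, then writes the whole payload.
    public async Task SendAsync(byte[] payload, CancellationToken ct)
    {
        if (payload == null) throw new ArgumentNullException("payload");

        await _writeGate.WaitAsync(ct).ConfigureAwait(false);
        try
        {
            // The gate is held until the write and flush complete, so a second
            // caller cannot start a write while this one is pending.
            await _ssl.WriteAsync(payload, 0, payload.Length, ct).ConfigureAwait(false);
            await _ssl.FlushAsync(ct).ConfigureAwait(false);
        }
        finally
        {
            _writeGate.Release(); // released even if the write throws or is cancelled
        }
    }

    public void Dispose()
    {
        _writeGate.Dispose();
        _ssl.Dispose();
    }
}
```

The gate covers writes only; code that calls `Write` or `BeginWrite` on the same stream directly bypasses it.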
  33. jguerra

    jguerra

    Joined:
    Jul 2, 2012
    Posts:
    3
    Hello

    I'm having an issue sending emails within Unity and I think it might be relevant for this thread.
    Using 2017.17f1 emails were sent properly in Editor on both Windows and OSX but not working on iOS (couldn't quite figure out why but I think it had to do with stripping of libraries when building to IL2CPP).

    Nevertheless, we have updated the project to use 2018.2.2f1 and now emails are not even working in editor on either platform.

    This is the error I get:

    emailerrors.png

    This is the code I'm using (slightly edited to post here):

    Code (CSharp):
    // Requires: System, System.Net, System.Net.Mail, System.Net.Security,
    // System.Security.Cryptography.X509Certificates
    public void SendEmail(string email, string password, Action<Error> callback = null) {
        _emailSentCallback = callback;

        _mailMessage = new MailMessage {
            From = new MailAddress(_fromEmail),
            Subject = "subject",
            Body = "body"
        };

        _mailMessage.To.Add(email);

        // Submission port 587 with EnableSsl = true.
        SmtpClient smtpServer = new SmtpClient("smtp.office365.com") {
            Port = 587,
            EnableSsl = true,
            UseDefaultCredentials = false,
            DeliveryMethod = SmtpDeliveryMethod.Network,
            Credentials = new System.Net.NetworkCredential(_username, _password) as ICredentialsByHost
        };

        // NOTE: this callback returns true for every certificate, so server certificate
        // validation is switched off for all connections that use ServicePointManager.
        ServicePointManager.ServerCertificateValidationCallback = delegate (object s, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; };

        smtpServer.SendCompleted += new SendCompletedEventHandler(EmailSentCallback);
        smtpServer.SendAsync(_mailMessage, _uniqueToken);
    }
    I've also tried adding this line before calling the function with no success.
    System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;


    Any idea what it might be?
    Cheers.
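
The snippet above installs a `ServerCertificateValidationCallback` that returns `true` for every certificate, which removes server authentication from the TLS connection. A stricter replacement is sketched below as an added example; it is not the poster's code or Unity's, the `StrictCertificatePolicy` class is hypothetical, and the pinned thumbprint is a constructed placeholder.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical policy class; the thumbprint below is a constructed placeholder.
public static class StrictCertificatePolicy
{
    // SHA-1 thumbprint (hex) of one certificate verified out of band, for example
    // a test server signed by a private CA. All zeros matches no real certificate.
    private const string PinnedThumbprint = "0000000000000000000000000000000000000000";

    // Pure decision function, kept separate so the policy can be unit tested.
    public static bool IsAcceptable(string thumbprint, SslPolicyErrors errors)
    {
        // Clean chain and matching host name: accept.
        if (errors == SslPolicyErrors.None) return true;

        // Never accept a missing certificate or a host name mismatch.
        if ((errors & (SslPolicyErrors.RemoteCertificateNotAvailable |
                       SslPolicyErrors.RemoteCertificateNameMismatch)) != 0) return false;

        // Only chain errors remain: accept solely the pinned certificate.
        return string.Equals(thumbprint, PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
    }

    // Signature matches RemoteCertificateValidationCallback.
    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        string thumbprint = certificate == null ? null : certificate.GetCertHashString();
        return IsAcceptable(thumbprint, errors);
    }

    // Replaces the process-wide callback; call once at startup.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```

Leaving the callback unset keeps the runtime's default validation, which is the simplest correct choice when the server presents a publicly trusted certificate.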
     
  34. JoshPeterson

    JoshPeterson

    Unity Technologies

    Joined:
    Jul 21, 2014
    Posts:
    3,273
    I'm not sure about the cause of this issue. However, it looks like a bug (since it worked in earlier versions of Unity). Can you submit a bug report?
     
  35. jguerra

    jguerra

    Joined:
    Jul 2, 2012
    Posts:
    3
    Thanks for the reply.
    I've just submitted a bug report. Here's the case id: 1069532

    When building the test project, I've stumbled upon the fact that it works if the scripting runtime version is .NET 3.5 but not with .NET 4.0.

    Unfortunately we're using async Tasks so we kind of need to use 4.0.
     
  36. JoshPeterson

    JoshPeterson

    Unity Technologies

    Joined:
    Jul 21, 2014
    Posts:
    3,273
    Thanks, we'll investigate this.
     
    Cromfeli likes this.
  37. jguerra

    jguerra

    Joined:
    Jul 2, 2012
    Posts:
    3
    Got a reply with an alpha build to test it out and it works. :)
    Awesome response time from the Unity team.

    The fix will be released with Unity 2017.3.0.
     
  38. aurelien-morel-ubiant

    aurelien-morel-ubiant

    Joined:
    Sep 27, 2017
    Posts:
    11
    I think you would say 2018.3 but great to hear that!
     
  39. playent

    playent

    Joined:
    Jan 21, 2015
    Posts:
    32
    Can’t establish a secure websocket connection using websockets-sharp because TLS 1.2 support is nonexistent on Unity macOS. Total BS... $&%#!