Search Unity

UnityWebRequest - Unable to complete SSL connection

Discussion in 'Editor & General Support' started by TitanUnity, Oct 8, 2018.

  1. TitanUnity

    TitanUnity

    Joined:
    May 15, 2014
    Posts:
    180
    Hi,

    Our team noticed occasional reports of users being unable to communicate with our web service over https.

    After seeing occasional reports from players being unable to connect to our game, we built a system that captures the error event when it occurs and gives us a bit more context about the error. To our surprise we found that the issue happens hundreds of times each day for over 200 unique users.

    The specific error message we see is: "Unable to complete SSL connection"

    Specifically, this error occurs for a limited set of users when we make calls like the one below. For the vast majority of our users, including ALL of inhouse staff, we're unable to recreate this problem and everything works fine. But for over 200 unique users each day we get lots of reports of "Unable to complete SSL connection" which fires as a part of a isNetworkError response:

    Code (CSharp):
    1. UnityWebRequest www = UnityWebRequest.Post("https://www.oursite.com/example", form);
    2. StartCoroutine(WaitForRequestLoad(www));
    3.  
    4.  private IEnumerator WaitForRequestLoad(UnityWebRequest www)
    5.     {
    6.         using (www)
    7.         {
    8.             yield return www.SendWebRequest();
    9.             if (www.isHttpError)
    10.             {
    11.                   // HttpError
    12.             }
    13.             else if (www.isNetworkError)
    14.             {
    15.                   // THIS IS WHERE THE PROBLEM OCCURS
    16.                   // www.error = "Unable to complete SSL connection"
    17.             }
    18.             else if(www.error != null)
    19.             {
    20.                   // Double check no error messages
    21.             }
    22.             else
    23.             {            
    24.                  // EVERYTHING WORKS FINE, PROCEED NORMALLY
    25.             }
    26.         }
    27.  
    28.     }
    29.  
    We've seen this problem across many similar calls in our game, including plenty of WebAPI calls and AssetBundle loads using UnityWebRequestAssetBundle.GetAssetBundle().

    We've found this to be a problem for users across platforms including Android, iOS, and Standalone builds of our game. We've checked our SSL configuration on the server and things look ok. Given that we can not recreate the problem inhouse it's difficult to troubleshoot for users. We've reached out to several of these users and haven't been able to arrive at a conclusion why they're having issues. For a while now we've blamed their local isp or local configurations, but it now seems like there are too many reports for this to make sense.

    It would be super helpful if we could get some information on what is happening behind the scenes when calling UnityWebRequest.Post() that could result in the SSL error we're seeing. Any information about this would help us troubleshoot if there is something wrong on our end or a problem with the editor.

    The one interesting point is that ALL of the users that have reported this issue have confirmed that they can successfully access the same URL from a web browser on the same device. This made us think that maybe something was wrong at the Unity level.
     
    YujenDev likes this.
  2. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    Which Unity version are you on? Sounds like something fairly recent.
    One reason for this failure is an out of date root certificate store on users system which may not have a root certificate for you site certificate.

    A way to mitigate this issue is to attach custom certificate handler to UnityWebRequest and manually validate the certificate, that way you would not depend on users system being up to date.

    Otherwise you need to collect more data to find out a pattern for this failure. Which TLS version are you using for your site, what OS versions do users with failures use, which regions are they from etc.
     
    Alex_Gustav likes this.
  3. TitanUnity

    TitanUnity

    Joined:
    May 15, 2014
    Posts:
    180
    Hey, we've been seeing this issue for a while now, but our most recently client is actually built with Unity 2018.2.11f1, just pushed out yesterday and we already have over 100 unique users with error reports containing some form of "Unable to complete SSL connection"

    We've collected extensive information about these errors. To temporarily reduce the problem we are now using http for our PC / OSX standalone clients and of course the SSL errors have gone away on those platforms. But the errors remain for Android primarily since that's where the vast majority of our users play:

    Here is the information we know from users playing from yesterday (10-8-2018) and today (10-9-2018):

    Top 20 Device Types of users with SSL problems:
    Top20_Devices.JPG

    Top 20 Operating Systems of users with SSL problems:
    (You'll see a small number of Windows platforms here as we still require SSL for any login related requests.)
    Top20_OS.JPG

    Top 20 Countries of users with SSL problems:
    Top20_Country.JPG

    I'll post more details about our SSL config shortly..
     
    Last edited: Oct 9, 2018
  4. TitanUnity

    TitanUnity

    Joined:
    May 15, 2014
    Posts:
    180
    Our servers and Cloudflare are setup to support TLS 1.0, 1.1, 1.2
    We had TLS 1.3 enabled, but recently disabled it with no change.
     
  5. TitanUnity

    TitanUnity

    Joined:
    May 15, 2014
    Posts:
    180
    Also, we're really confused why users in a web browser on the same device are able to access the same Web api urls successfully, but these fail in Unity. Is there something different about the UnityWebRequest implementation?

    What's making this tough is that we don't really understand what is happening under the hood within the UnityWebRequest.

    I'm looking into certificateHandler stuff now, but not fully understanding what that is doing compared to what Unity would do without a certificateHandler. Can you explain the difference between using a certificateHandler and not (the default behavior?)

    Specifically, what does Unity do by default to determine if the certificate is not valid? I noticed if I write my own certificate handler and return false, I can recreate the "Unable to complete SSL connection." It would be helpful to know what Unity is doing when no certificate handler is present.
    Error.JPG
     
    Last edited: Oct 9, 2018
  6. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    Sounds like a bug on our side then. We validate certificates against the system root certificate store. Can you report a bug to us?

    By attaching the CertificateHandler you bypass the builtin certificate checking completely and take over the control. By returning true or false from the handler you tell whether you trust the certificate or not. You get the certificate as an argument, so can validate it if it is yours.
     
  7. TitanUnity

    TitanUnity

    Joined:
    May 15, 2014
    Posts:
    180
  8. TitanUnity

    TitanUnity

    Joined:
    May 15, 2014
    Posts:
    180
    Any updates on this issue? Our team is little bit confused about the purpose of the custom certificate handler. Why would we want to override the system's default certificate verification process? I was able to implement this based on the examples in the documentation where a simple comparison is made between public keys, but we're not understanding how this can be applied in our case to ensure security... it feels like we're just bypassing the security measures of ssl, is there something we're not fully understanding?

    Also, would using a custom certificate handler be compliant with the iOS requirement that all communication is completed via https?
     
    Last edited: Oct 16, 2018
  9. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    Our QA is still working trying to reproduce it.
    The custom certificate handler not necessarily break security, though it can if not coded properly. The certificates are for establishing trust between the app and the server, using certificates app can ensure the server it has connected to is what it claims to be.
    The normal process is for servers to use certificates issued by trusted authorities, while the root certificates are present on the system (installed along with OS/browser). The trust is established by validating a chain of certificates, where the later certificate signs the previous one. The end of chain is signed by a root certificate that supposed to be present on the system and that way gives a separate validation. If this validation process fails, it means that either you have connected to the wrong server that cannot be trusted (or something untrusted in between tries to do a dirty job), data corruption occurred during communication - these two are proper failures, the connection is actually insecure. Another failure is for the chain to be signed by a root certificate that is not present in the system store (untrusted root), so the connection cannot be trusted. This can be because the system store is out of date (installing updates might update the root certificate store), root certificate has been revoked (i.e. the give certificate issuer was badly hacked and had reissue all certificates) or the certificate issues proved itself to be not trustworthy and got kicked by OSes.
    By using custom certificate handler you take control into your own hands. You can have your own certificate in your app and compare it with what server gives. In they match, the trust is established. This way you make your own certificate a trusted root. This also enables use of self-signed certificates (issued by yourself, not by external issuer organisation). The downside is that if your own validation is coded incorrectly, you can trust the bad guys and/or not trust the good guys. Also, if you ever change your certificate (i.e. it expires), you have to update your app and only update app will be able to connect to your server.

    Hope that's clear enough :)
     
    enish_info likes this.
  10. Aaron_Wacker

    Aaron_Wacker

    Joined:
    Oct 24, 2015
    Posts:
    4
    I have the same issue unfortunately. My build from earlier this year works fine (2018.1.6.52276) with no SSL issue. My current build however after having an updated Unity version (using 2018.2.2.36079) always has the error. This occurs on same machine. I'm thinking it is either how the build is being done with settings, or a difference in cert handling (maybe I need to refresh tokens in my new build?) - anyways, let me know if you find a solution.
     
  11. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    Which platform is this on? If it's Editor/Standalone, then the difference is that in 2018.1 all certificates were trusted and you would only get SSL errors for invalid stuff. Since 2018.2 we properly support SSL and do check if certificates are valid.
    On iOS and Android we had proper SSL support even before 2018.2.
     
  12. Johste

    Johste

    Joined:
    Jul 12, 2014
    Posts:
    8
    My team and I has the same issue consistent with everything mentioned by TitanUnity. Our game is running on 2017.4.14f and the majority of customers having this issue seem to be running Android. A few have reported that the issue suddenly fixed itself overnight, but that does not seem to be the case for all.

    I'll report back if we find any new leads not already mentioned.
     
  13. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    So far we've seen such issue on Android and the cause seems to be connection loss at the time TLS connection is being established. Perhaps you can check your server logs if it is the case?
     
  14. TitanUnity

    TitanUnity

    Joined:
    May 15, 2014
    Posts:
    180
    Here is an update on this issue from our team. I was able to get in direct contact with a few players that are actively experiencing the issue 'Unable to complete SSL connection' during various loads our client makes. We tried a custom certificate handler and found that unfortunately that did not work for these users either.

    Interesting, I decided to build a custom client where the certificate handler always passes true (figuring that it would certainly work for these users as a temporary solution)... but oddly even this fails when these users attempt basic data loads over https.

    And this isn't coming from a small number, as I reported earlier, we have hundreds of unique users each day that encounter some flavor SSL error.

    Figured I would share as we continue to investigate this problem.
     
  15. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    Custom certificate handler can only help if root certificate is not trusted by device. It will not help in other cases, such certificate being invalid, encryption not passing or simply losing connection right at the time when TLS connection is being established. The cases we were able to reproduce were the last one.
     
  16. TitanUnity

    TitanUnity

    Joined:
    May 15, 2014
    Posts:
    180
    Hmmm, it just seems like too many users to be simply a connection loss issue. Over 100 unique users a day encountering these problems. Running out of ideas to try here..

    To be clear, these users confirm successfully playing other games, streaming videos, browsing the web and generally not having issues.
     
  17. TitanUnity

    TitanUnity

    Joined:
    May 15, 2014
    Posts:
    180
    We actually have a user right now that can get this error everysingle time. I had the user manually try to load the same calls from his browser on his Android device and all the calls work ok. When he attempts to make the same calls from the Unity client, they fail with an SSL error.

    More and more this seems like a Unity implementation issue.
     
    Last edited: Nov 19, 2018
  18. TitanUnity

    TitanUnity

    Joined:
    May 15, 2014
    Posts:
    180
    Here is a summary of information we've gathered from one of our players that is experiencing the 'Unable to complete SSL connection' error everytime on Android with our client built with Unity 2018.2.15f1:

    - UnityWebRequest fails every time with 'Unable to complete SSL connection'
    - User reinstalled app, no luck
    - User confirmed no 3rd modifications or OS changes running
    - User updated Android OS, no luck
    - We tried custom certification handler that passes true everytime with no luck
    - User can successfully make both GET and POST requests from their browser to multiple endpoints our network
    (confirming the user is not blocked by CloudFlare)
    - User confirmed multiple successful hits to the same Web API via browser from the same Android device

    Here is the unusual part:
    - This user was able to create a wifi hotspot with their phone using the same mobile data network at the same location and connect to our game successfully using our Steam PC client with no issues. (They connect the PC client to the phone's hotspot network)

    But, to be clear, we have a variety of users experiencing this problem across all platforms including over 100 unique users today already 11/20/2018 at 9:30am, including on Android, PC, and iOS. The only common theme we've found among reports is that SSL communication fails within Unity but 100% of users we've contacted are able to connect to the same https endpoint via their browser with no problems.

    We could definitely use additional help on this as we're running out of things to try.
     
  19. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    I would really help to check the server side logs. Which TLS version is being used, what kind of failure is seen on server side etc.
    Another alternative is to make a simple Android Java app that would connect to the same endpoint using URL.openConnection(), which is what Unity uses under the hood on Android. Catching exceptions and logging it it might reveal what's happening.
     
  20. TitanUnity

    TitanUnity

    Joined:
    May 15, 2014
    Posts:
    180
    I'll look further into those avenues, but this user claims the problem started when we launched our most recent version live on Monday this week (our first live client built with 2018.2.15f1). However, we have had this issue for many months now and many have reported the same problem on 2018.2.6f1 so it may be unrelated.
     
  21. DanielLinderSG

    DanielLinderSG

    Joined:
    Aug 17, 2017
    Posts:
    4
    Hi, I have had the same friggin issue as you. I don't want to know how long time I searched for answers regarding this. I managed to solve this by changing:
    UnityWebRequest www = new UnityWebRequest(https://pathToYourAsset);
    to ->
    UnityWebRequest www = UnityWebRequest.Get(https://pathToYourAsset);

    Why that worked and the default doesn't, I have no idea...

    Then when the www gives me a responce, I use this:
    AssetBundle bundle = AssetBundle.LoadFromMemory(www.downloadHandler.data);

    To get the asset bundle.

    Maybe this can help you Unity guys to try and pinpoint the issue or maybe this helps someone with similar issue as I have had.
     
  22. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    Thanks for trying to help, but that looks extremely unlikely. Probably just a coincidence or pure timing luck.
    DownloadHandler deals with incoming data and SSL error means that either secure connection was not established (which is way before the data started to come in) or there was a security issue during download (again, nothing to do with handling data) or the connection was lost at a particular time leading to security error. The last part can be affected by download handlers performance: Get() assigns DownloadHandlerBuffer which stores downloaded data to memory and is the fastest download handler, so it might reduce the probability of connection loss, but certainly doesn't solve it.
     
  23. DanielLinderSG

    DanielLinderSG

    Joined:
    Aug 17, 2017
    Posts:
    4
    Oh ok :)
    Well its very strange that even with a new project and I type in the same. I get the same result.
    In any case, hope you find this bug!
     
  24. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    Can I get such sample project for investigation?
     
  25. DanielLinderSG

    DanielLinderSG

    Joined:
    Aug 17, 2017
    Posts:
    4
    Bah, I was making a small project yesterday with the code and suddenly the connection worked regardless of the .GET or not... so it wasn't this as you suspected. Sorry to have wasted your time :(
     
  26. Exanis

    Exanis

    Joined:
    May 30, 2013
    Posts:
    2
    Hello,

    I happen to have the same bug (Unable to complete SSL connection). I have an API that should be contacted by my game (currently running only in the editor) and the error pop every time I try to connect.

    I may have an idea of what is causing the problem : being in early dev phase, my website use a certificate from Let's Encrypt ; those are recognized by my browser (and by most, if not all, browser out there), but may or may not be installed in the computer's store ? I did however manually installed them with no luck - I didn't fully restart the computer after installing, however, so I still have a tiny hope...

    I can provide any needed log (or even an access to the server itself, since it's basicaly empty anyway). I would also love to try any other method to connect if needed to help debug this.

    Thank you !
     
  27. Exanis

    Exanis

    Joined:
    May 30, 2013
    Posts:
    2
    Update from yesterday's message : After rebooting my computer (and manually installing Let's Encrypt's certificate in my computer's store), I no longer face this error. I guess this may be an hint that the initial hypotesis was valid ? Some SSL certifiers may be absent from phone / computer store, even if present in the browsers' one, and as such they may not be recognized by unity even if they work from a browser, giving the symptoms that were described ?
     
  28. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    That is most likely the case. Unity pulls certificates from the system store and some browsers do have their own certificate stores.
     
  29. TitanUnity

    TitanUnity

    Joined:
    May 15, 2014
    Posts:
    180
    Hi Exanis,

    We also have used Let's Encrypt but can you elaborate more specifically about manually installing the certificate in your computer's store? This may help our users with this SSL problem.
     
  30. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    It would be easier to include the certificate into your app (like a byte array in code containing the DER bytes) and then write you own CertificateHandler to compare the certificates in the chain against your certificate.
     
  31. ErwinTerpstra

    ErwinTerpstra

    Joined:
    Sep 29, 2015
    Posts:
    4
    We are experiencing the same problem with Unity 2018.2.2f1 on Android with a Samsung Galaxy Tab III, other devices just work fine. Our server uses a Let's Encrypt certificate as well. I also tried adding a CertificateHandler that always passes validation to test if it can be related to the certifier not being in the system store, but that doesn't change anything.

    We offer TLS 1.2 by default but also support TLS 1.0. The server is running nginx 1.13.3. Let me know if there is any more information that can help solve this problem.
     
  32. unity_QBcwkEg8dONugg

    unity_QBcwkEg8dONugg

    Joined:
    Jan 4, 2019
    Posts:
    1
    Hello everyone,

    We have also been experiencing problems when connecting to certain endpoints. I've pinpointed our problem to a very narrow issue. We mostly had this with brand new Windows installations. Explanation below:

    Problem lies within the (Root)Certificate store of the device and the way Unity handles it's certificates:
    - A new device with a fresh Windows installation will have 18 Root certificates (for our devices, amount may differ per installation). After connecting to the internet it will have 20.
    - If a browser navigates to a website with an unknown Root certificate, but the certificate is valid, the certificate is added to the device's store.
    - If Unity connects to an URL, it will validate the certificate, including the Root certificate, against the device's store. That means that if the device is missing the Root certificate from the URL, it will fail and throw an 'unable to complete ssl connection'. It will not add the certificate to the device's store.

    So the above means that we can not connect new devices to a URL which has a Root certificate that is not in the device's store.
    Our login uses a certificate from Let's Encrypt -> DST.
    Another project of ours uses Global Sign as Root.
    When opening our Unity application we open a browser window where the user can log in to our SSO. Our SSO uses the Let's Encrypt (DST) certificate. The SSO opens in the browser and thus the Root certificate will be added to the device's store. Any connection made to an URL using DST will now succeed.
    After that, a connection to our API project will be made using credentials obtained from the SSO. Our API uses a certificate with Global Sign as Root, but the Global Sign certificate will be missing because we have not yet visited any site that uses Global Sign in a browser and the certificate is not in the device's store by default.
    If you navigate the browser to an URL of the API that is publicly accessible (or any url with Global Sign as Root), the certificate will be available and the connection will from then on succeed.

    I have attached 2 images. The first is an image showing the Root certificates for a device that has been active for about 10 minutes. The second shows the certificates for a device that has been used for a longer time and has already visited and thus stored the Root certificates as I've explained.

    root_certificates_fresh.png
    root_certificates_existing_device.png

    I hope you can use this explanation to reproduce and/or fix the error.

    For now we have added an AJAX call from our SSO page to our API project so the Global Sign certificate will also be added to the device's store, but this is a hack and is not a sustainable solution.
     
  33. royvaneijndhoven

    royvaneijndhoven

    Joined:
    Jun 1, 2017
    Posts:
    65
    @Aurimas-Cernius, do you know whether Unity is working on something that would fix what unity_QBcwkEg8dONugg found (post above)?
     
  34. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    We will look into it.
    However, failing when root certificate is not present in the store is actually a correct thing to do - that's how secure connections are supposed to work. I don't see a mention of a browser used, but I would expect that browser to take some extra steps to ensure the certificate is a trusted one. Just because certificate is valid does not mean the site can be trusted.
     
  35. delphinius81

    delphinius81

    Joined:
    Mar 6, 2012
    Posts:
    56
    We had a similar issue using UnityWebRequests in a UWP environment (Hololens). We connect our HoloLens application to a medical simulator that uses a private, company-wide root certificate . There were two things that we ended up having to do:

    1) Check if the certificate was already installed on the device's store, and if not, install it via the X509Store / X509Certificate2 commands. We include a copy of the certificate with our application. We then check the certificate data returned from ValidateCertificate against known quantities. This allows our connection to work fine when running from the Unity editor or in a Windows Desktop build.

    2) However, in an IL2CPP UWP environment, we use HTTPRequestMessage instead of UnityWebRequest, as UnityWebRequest still doesn't work after doing certificate installs / manual certificate checking. We continue to see SSL related errors.

    This issue has existed from 18.1 through current 18.3 releases.
     
  36. royvaneijndhoven

    royvaneijndhoven

    Joined:
    Jun 1, 2017
    Posts:
    65
    This is good to know because our main focus is currently on UWP with the IL2CPP Scripting Backend. Have you tried this in the 2019.1 alpha of Unity?
     
  37. newlife

    newlife

    Joined:
    Jan 20, 2010
    Posts:
    811
    Hello, we are facing the same issue with unity 2018.2 with both legacy WWW class and the new UnityWebRequest class.
    Everything seems to work in both the editor and the Android devices we tested, while it always fails on all ios devices we tested.
    We don't have access to the server cause are making a request to http://www.geonames.org/countrycode to retrieve country code of the user.
    Using a non secure connection (http://www.geonames.org/countrycode) it gives
    Unknown error

    Using secure connection (https://www.geonames.org/countrycode) it gives
    Unable to complete SSL connection error

    Again, both in editor and on all Android devices it works like expected.
    With the previous version, made with Unity 5.6, everything worked both on Android and on ios.
    Is there a way to make something basic like a simple http request work on all devices?
    Please advice.
     
  38. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    You can partially debug this. In the exported XCode project go to WWWConnection.mm file - this is the backend for UnityWebRequest. Search the file for "challenge" and you'll get to the code that deals with certificates.
    Please let me know you findings, cause this shouldn't fail.
     
  39. newlife

    newlife

    Joined:
    Jan 20, 2010
    Posts:
    811
    We dont have access to xcode project cause we are using cloud build. Anyway, this is a known bug, it has been here at least since one year.
    You can test it by yourself by calling geonames.org using secure and non secure connection.
    In both cases, on ios devices (at least the ones we tested) it fails.
    In the editor and on android devices (at least the ones we tested) it succeeded.
    Compare to Unity 5.6 where, in our experience, everything worked like expected.

    Anyway, since we have already wasted enough time trying to debug unity, we decide to move to an alternative way (using HttpWebRequest class) as suggested here https://stackoverflow.com/questions/4015324/how-to-make-http-post-web-request#4015346. Keep in mind that this is an old class and microsoft doesn't recommend to use it (it recommends System.Net.Http.HttpClient class which requires .NET 4.5), so there can be some problems with secure connections.
     
    unpuzzlebarcelona likes this.
  40. newlife

    newlife

    Joined:
    Jan 20, 2010
    Posts:
    811
    As an example, this is the exception fired when trying to get response from https://www.geonames.org/ (secure connection) from unity editor and from an android device using HttpWebRequest class:

    TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a
    Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates)
    Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 ()
    Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process ()
    (wrapper remoting-invoke-with-check) Mono.Security.Protocol.Tls.Handshake.HandshakeMessage:Process ()
    Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg)
    Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult)
    Rethrow as IOException: The authentication or decryption has failed.
    Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (IAsyncResult asyncResult)
    Rethrow as WebException: Error getting response stream (Write: The authentication or decryption has failed.): SendFailure
    System.Net.HttpWebRequest.EndGetResponse (IAsyncResult asyncResult)
    System.Net.HttpWebRequest.GetResponse ()


    Strangely enough, it works perfectly on ios device.
     
  41. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    Does it work on Unity 5.6 or it did work?
    Examining the URL in Firefox I see the site uses TLS 1.2. If it doesn't provide lower version, then we only support it since 2018.3 (IIRC).
     
  42. newlife

    newlife

    Joined:
    Jan 20, 2010
    Posts:
    811
    It works cause the published version of our app has been build with unity 5.6 and everything works like expected.
    The site (www.geonames.org/) supports TLS 1.0, 1.1 and 1.2 as you can check here http://ssl-checker.online-domain-tools.com/. Anyway I really cant understand why unity should support such a basic feature only since 18.3. This is a bug, period.
    Not only, that site supports also non secure connections and, as I stated before, the call always fail with "Unknown error".
     
  43. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    Could you report this bug?
     
  44. newlife

    newlife

    Joined:
    Jan 20, 2010
    Posts:
    811
    I just realize that our project uses .NET 3.5 Equivalent as scripting runtime version instead of .NET 4.0 Equivalent.
    Can this cause this issue?
     
  45. SunnyChow

    SunnyChow

    Joined:
    Jun 6, 2013
    Posts:
    337
  46. cybergaston007

    cybergaston007

    Joined:
    Jun 21, 2017
    Posts:
    7
    Hello,

    After reading all this thread, I'm unsure if anyone has actually managed to solved this big issue .

    I had a project running Unity 2017.4 with .NET3.5, and no user complained.

    Since upgrading to Unity 2018.3 with .NET4.x, getting tons of user that are having these errors.

    Really thinking of rolling everything back now...

    (Connecting to AWS servers)
     
  47. newlife

    newlife

    Joined:
    Jan 20, 2010
    Posts:
    811
    Hello cybergaston, which class are you using to make the call? You can fix this by using .Net classes instead of unity one
     
  48. cybergaston007

    cybergaston007

    Joined:
    Jun 21, 2017
    Posts:
    7
    Hi newlife,

    I'm using UnityWebRequest. Basically the exact same code as TitanUnity (first message).
     
  49. newlife

    newlife

    Joined:
    Jan 20, 2010
    Posts:
    811
    Hello cybergaston,
    you can use HttpWebRequest class (which is legacy class) or System.Net.Http.HttpClient class which requires .NET 4.5.
    I tested HttpWebRequest and it worked in all cases where both legacy WWW class and the new UnityWebRequest class failed.
    Most probably also System.Net.Http.HttpClient will, and its surely a better option cause is a more recent implementation.
    We stuck to the old HttpWebRequest class cause we are still using .NET 3.5 (due to lower build size, around 10%).
     
  50. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    2,367
    .NET classes and UnityWebRequest share the TLS backend, so it's unlikely for one to work and for other to fail.