Search Unity

UnityWebRequest - Unable to complete SSL connection

Discussion in 'Editor & General Support' started by TitanUnity, Oct 8, 2018.

  1. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,732
    Was it one time occurrence or a persistent error?
    We are looking for a reproducible case for this. So far we haven't found anything other than connectivity issues.
     
  2. waldob

    waldob

    Joined:
    Mar 20, 2013
    Posts:
    24
    Tautvydas-Zilys, Aurimas-Cernius: what's the latest on the fix? I heard from a Microsoft employee that unity was targeting a fix for mid September, are you still on track?
     
  3. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    That's correct. The fix landed to 2020.1 alpha and is currently being reviewed for 2019.3, 2019.2 and 2018.4.
     
    waldob likes this.
  4. Don_K

    Don_K

    Joined:
    May 31, 2016
    Posts:
    8
    When we released the app, we planned to use two types of servers: API and CDN.
    SSL connection to CDN server failed only on Android build using Unity2019.2.3f1.
    The exception at this time was Unable to complete SSL connection.

    However, the SSL connection to the API server was successful,
    Also, Android build on Unity2018.4.8f1 was able to connect to CDN normally.

    Oddly enough, the iPhone build does not fail SSL connections to these servers.

    For this reason, we investigated the differences in UnityRequest for Android builds on Unity2018 and Unty2019 and posted them to UnityAnswers, but there seems to be differences in the headers.
    https://answers.unity.com/questions/1663181/is-the-unityewbrequest-header-of-android-build-of.html

    We solved the problem by copy the API server's certificate to that of the CDN server, although we had no problems connecting using the iPhone.

    I hope this survey will help.
     
    Last edited: Sep 12, 2019
    carldevelopsforcoffee likes this.
  5. Trivium_Dev

    Trivium_Dev

    Joined:
    Aug 1, 2017
    Posts:
    78
    Will this fix also fix it on Windows 10? I run into this issue a good amount (for some odd-ball reason), and oddly enough, most of the time I'm actually trying to request data from Unity's own Unity Cloud Build API to get updated builds (which we then download), or sometimes the URL to the build to download will fail (which is hosted on S3 I believe). We usually just get a response code of "0" with the failed web request (no others reported in the request itself). We finally narrowed it down to a certificate issue, which I have been getting around by either overriding the certificate handler and just returning "true" (super safe...) or switching the URL to http (instead of https).

    I was reviewing this thread today which I had found some many months ago because I was running into the issue again except this time it was for our own AWS servers (and only occurs on 1 specific computer, which of course is the deploy computer so it ONLY HAS TO WORK ON THAT ONE... but doesn't :( ), and saw that people mentioned if the issue occurs, go to the website in question in Edge and it'll fix it. And so I tried that... and low and behold it worked.

    So it would be nice if this fix that is coming up fixes it for Windows as well as Hololens/Xbox, which I am hoping is what they meant but only specified those two platforms.
     
    Last edited: Sep 18, 2019
  6. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    Yes, this code is shared between all Windows platforms, including Editor and Standalone player.
     
  7. waldob

    waldob

    Joined:
    Mar 20, 2013
    Posts:
    24
    Tautvydas-Zilys: I've been looking out every day for a unity upgrade. Do you know when it will be ready?
     
  8. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    The fix landed to 2020.1.0a4, 2019.3.0b4, 2019.2.7f2 and 2018.4.10f1. 2019.3 one is out already, the others should be coming out this week.
     
    waldob likes this.
  9. waldob

    waldob

    Joined:
    Mar 20, 2013
    Posts:
    24
    Ok, waiting 2019.2 or 2018.4 since that's the version we're on right now.
     
  10. ytarkan

    ytarkan

    Joined:
    Nov 21, 2017
    Posts:
    3
    Any news on this? We have a lot of users that are facing this problem..
     
  11. waldob

    waldob

    Joined:
    Mar 20, 2013
    Posts:
    24
    Still waiting on the fix getting into 2019.2 :(
     
  12. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    2019.2.7f2 is now out. 2018.4.f10 should be coming out shortly.
     
    waldob likes this.
  13. waldob

    waldob

    Joined:
    Mar 20, 2013
    Posts:
    24
    Amazing, thank you!
     
  14. RedPandit

    RedPandit

    Joined:
    Oct 1, 2019
    Posts:
    1
  15. ytarkan

    ytarkan

    Joined:
    Nov 21, 2017
    Posts:
    3
    After upgrading unity to 2018.4.f10, still getting "Unable to complete SSL connection" error on some android devices. Do you have any idea ?
     
    Last edited: Oct 3, 2019
  16. TitanUnity

    TitanUnity

    Joined:
    May 15, 2014
    Posts:
    180
    We're seeing the same thing, still several hundred 'Unable to complete SSL connection' errors each day after upgrading clients to 2018.4.10.
     
  17. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    On which platform?
     
  18. doterax

    doterax

    Joined:
    Jun 10, 2015
    Posts:
    4
    I can reproduce this error in Unity Editor (2019.1.14f1, Windows 64 bit)

    I made stress test that download 500 mb of asset bundles using UnityWebRequests that works simultaneously.
    And after bundle data downloaded (unityWebRequestAsyncOperation.isDone) I call DownloadHandlerAssetBundle.GetContent() to load asset bundle in memory.

    But in some cases during call DownloadHandlerAssetBundle.GetContent() garbage collector starts working hard (1+ minute), and during this time none of async operations reported that hey are done.
    But after 1+ minute waiting some request ends with error "Unable to complete SSL connection" or "Failed to receive data"

    If I change test - firstly download all bundle data (omtiting cache) and after all I call DownloadHandlerAssetBundle.GetContent() to load it in to memory, everything works fine on 20+ runs.

    So if you continue digging this bug, try take interactions between GC and UnityWebRequest in account. I think some timeout occurs during download thread paused by GC.

    P.S. In some cases main test suceeded, in attachments two logs: sucessfull run and run with errors. Line with "+" - begin request, "-" end request. GC.Collect lines produced from folowing code.
    Code (CSharp):
    1. // call new GCWatcher() without storing ref to it! WARNING: onFinalizer called from different thread!
    2. class GCWatcher
    3. {
    4.     Action onFinalizer;
    5.     public GCWatcher(Action onFinalizer)
    6.     {
    7.         this.onFinalizer = onGC;
    8.     }
    9.  
    10.     ~GCWatcher()
    11.     {
    12.         onFinalizer();
    13.         new GCWatcher(onFinalizer);
    14.     }
    15. }
     

    Attached Files:

  19. jotamaza

    jotamaza

    Joined:
    Apr 12, 2015
    Posts:
    9
    I'm facing this issue with Unity 2018.3.9f1. It works correctly on editor (OSX), but fails when built into an iPhone.

    I have also tried a custom certificateHandler, and again it works on editor, but looks like the iOS build don't use it. I've added some debug inside the ValidateCertificate method, and I see them on the editor, not in the Xcode output.

    Another curious thing, It always works in our develop server (cert is LetsEncrypt), but always fails in our client stage server (cert is Entrust). The cert seems correct both from computer and iPhone browsers.

    Any ideas?

    Here is the Xcode output:

    Downloading appConfig.json using UnityWebRequest
    2019-10-24 11:38:19.573778+0200 kitzapp[4043:970698] [BoringSSL] boringssl_context_alert_callback_handler(3724) [C1.1:2][0x11a8e3f60] Alert level: fatal, description: handshake failure
    2019-10-24 11:38:19.573843+0200 kitzapp[4043:970698] [BoringSSL] boringssl_session_errorlog(224) [C1.1:2][0x11a8e3f60] [boringssl_session_handshake_incomplete] SSL_ERROR_SSL(1): operation failed within the library
    2019-10-24 11:38:19.573874+0200 kitzapp[4043:970698] [BoringSSL] boringssl_session_handshake_error_print(205) [C1.1:2][0x11a8e3f60] 4777775144:error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:/BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl/boringssl-109.250.2/ssl/tls_record.cc:586:SSL alert number 40
    2019-10-24 11:38:19.573891+0200 kitzapp[4043:970698] [BoringSSL] boringssl_session_handshake_error_print(205) [C1.1:2][0x11a8e3f60] 4777775144:error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO:/BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl/boringssl-109.250.2/ssl/handshake.cc:576:
    2019-10-24 11:38:19.573902+0200 kitzapp[4043:970698] [BoringSSL] boringssl_context_get_error_code(3545) [C1.1:2][0x11a8e3f60] SSL_AD_HANDSHAKE_FAILURE
    2019-10-24 11:38:19.580300+0200 kitzapp[4043:970698] TIC TCP Conn Failed [1:0x281014900]: 3:-9824 Err(-9824)
    2019-10-24 11:38:19.581237+0200 kitzapp[4043:970698] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
    2019-10-24 11:38:19.581256+0200 kitzapp[4043:970698] Task <AD4E6A5F-EDA5-47C0-B134-1F417AD96F2B>.<0> HTTP load failed (error code: -1200 [3:-9824])
    2019-10-24 11:38:19.581391+0200 kitzapp[4043:970706] NSURLConnection finished with error - code -1200
    Error downloading appConfig.json: Unable to complete SSL connection
     
  20. jotamaza

    jotamaza

    Joined:
    Apr 12, 2015
    Posts:
    9
    I have migrated the project to Unity 2018.4.11 to check if there is some fix for that in newer versions, but the issue is still there.

    Any help will be appreciated. Thanks!
     
  21. Samuel411

    Samuel411

    Joined:
    Dec 20, 2012
    Posts:
    646
    Hey guys, I had a similar issue. For me I was getting one user reporting this error. It turns out that too many requests were being sent too quickly and his network ended up timing out at 70 requests and failed the one immediately after the limit then failed the ones after that with the SSL connection errors.

    My solution is to just wait in between batches of requests to avoid this issue.
     
    carldevelopsforcoffee likes this.
  22. Neozman

    Neozman

    Joined:
    Sep 29, 2016
    Posts:
    67
    We have it on 2018.4.6

    I ve implemeted custom certificateHandler for android and ios platform to skip certificate validation (always return true) but unfortunalty it was unsuccessful. Any ideas?
     
  23. jotamaza

    jotamaza

    Joined:
    Apr 12, 2015
    Posts:
    9
    I think the problem, at least for my case, is that the certificate is not being even downloaded. There is a handshake error during initial connection, and server aborts or block the call.

    So we are never calling the ValidateCertificate method in the custom handler.

    I've discovered that it works when I use BestHTTP instead of UnityWebRequest. The problem with BestHTTP is that, due to the TLS implementation done in C#, the download is way too long, like 10x (6 seconds to 62) with a 120Mb asset bundle.

    To add more confussion, the download works without issues from Android devices, so the problem appears only on iOS builds.
     
  24. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,732
    For iOS you can try debugging UnityWebRequest in it's very bottom level. Find the UnityWebRequest.mm file in the exported XCode project, there is some code related to TLS that invokes Unity certificate handler.
    Another thing is that Unity on Android supports HTTP/1.1 and TLS 1.2 or lower, while on iOS we support whatever the OS backend (NSURLSession) supports, that might contribute to differences.
     
  25. jariwake

    jariwake

    Joined:
    Jun 2, 2017
    Posts:
    100
    Hi. I ran into TLS handshake failure a problem and ended to this thread. I built my Windows Standalone app using Unity 2018.4.0f1. The app simply sends a HTTPS GET requests using UnityWebRequest when the app is started. On my development PC (Windows 10) it succeeds, but on another laptop (also Windows 10) it fails and I get "Handshake failure" when looking at the traffic with Wireshark. See the screenshots below:



    I tried updating to to Unity 2018.4.12f1 but the problem persisted.
    Both PC:s have the latest updates from Windows Update.

    I am out of ideas how to tackle this. I thought this should be already fixed in 2018.4.12f1, but am I mistaken?
     
    Last edited: Nov 8, 2019
    doterax likes this.
  26. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,732
    There is a known issue that Windows download certificates on demand. Try accessing the same URL using Microsoft's browser (Edge or IE), that might resolve the issue.
     
  27. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    It should have been. Is that laptop able to access the website on the browser?
     
  28. jariwake

    jariwake

    Joined:
    Jun 2, 2017
    Posts:
    100
    Yes, I was able to access the same url on Firefox. But now the problem is gone, and im not entirely sure why - maybe something triggered the update on the Windows certificates (cannot be accessing the site with Firefox, as it has its own certificate storage afaik).
     
  29. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    Unity should be triggering it, and it did when we tested the fix. I wonder if this could be one-off connection issue to Microsoft certificate servers.
     
  30. Neozman

    Neozman

    Joined:
    Sep 29, 2016
    Posts:
    67
    Still having this problem on 2018.4.6f

    Apr. 16% of incomming players struggling with this error. How can we resolve this?

    Platform is android
     
    doterax likes this.
  31. jariwake

    jariwake

    Joined:
    Jun 2, 2017
    Posts:
    100
    With a build made with 2018.4.0f1 it seems it is possible to fix this issue by visiting the URL with Internet Explorer. So are you saying, if we update to 2018.4.12.f1, the trick with IE wouldn't be necessary?
     
  32. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    Correct. Unity will do what Internet Explorer does under the hood when you visit the website.
     
  33. SaleemSiddiqui

    SaleemSiddiqui

    Joined:
    Jun 27, 2019
    Posts:
    2
    We are having same problem: "Unable to complete SSL connection"

    Mostly iOS 13 Users are affected with hundreds of failed requests.

    Any solution yet ?
     
  34. potato_based_username

    potato_based_username

    Joined:
    Jul 25, 2018
    Posts:
    2
    What's the current status here? We have launched a new app this January and are getting a number of these on both iOS and Android from Unity 2018.4.13f1 builds. Reading through this thread, I'm still unclear whether it's a UnityWebRequest issue or if switching to an alternative HTTP library would be a good workaround?
     
  35. Berno

    Berno

    Joined:
    Oct 29, 2014
    Posts:
    40
    This has suddenly started happening for my application on older Android variants.
    These users were having no problems but one day to next no web access for my app.
    I think perhaps the increase in internet load due to everybody working at home has triggered this.
    I had to downgrade my Android device to 4.4.2 but now am able to reproduce it every time. Prior to that I was on Android 6 and had no issues. One user has since upgraded devices and the issue went away with the newer Android version.
    Any ideas or workarounds?
    Why was the bug closed it doesn't seem resolved:
    https://fogbugz.unity3d.com/default...498.810347104.1585893966-655320853.1585893966
     
  36. TheFellhuhn

    TheFellhuhn

    Joined:
    Feb 3, 2017
    Posts:
    42
    I have the same problem with my app (made with Unity 2018.4.19f1) on Android 4.4.2 (ARM 32bit). I can't access the API via https with the app or the internal (Samsung) browser. It works fine with Chrome on the same device. According to ssl-trust.com my certificate is fine and it works on all other platforms/Android versions so far (AFAIK).

    I don't want to write a custom certificate validation as that is not future proof.

    EDIT: One problem could be that my Cert Chain of Trust contains "Let's Encrypt" which Android 4.4.2 doesn't know anything about.

    EDIT2: Attached the Unity log. The server doesn't even have a log about the failed connection attempt.

    EDIT3: Or its reliance on SSLv3 which is deemed obsolete and insecure.

    EDIT4: Forcing TLS or a custom certificate handler also doesn't work.
     

    Attached Files:

    Last edited: Apr 11, 2020
  37. MohammadAlizadeh

    MohammadAlizadeh

    Joined:
    Apr 16, 2015
    Posts:
    26
    For those who want to do simple data reading from a website
    Good old WWW is your best friend

    disable the obsolete warning cause UnityWebRequest itself is obsolete heh jk

    #pragma warning disable CS0618
    WWW wwwlord = new WWW(URL);
     
  38. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,732
    No, it's not. There was a somewhat misleading message in our documentation. Only UNet is deprecated, UWR is not.
     
    MohammadAlizadeh likes this.
  39. MohammadAlizadeh

    MohammadAlizadeh

    Joined:
    Apr 16, 2015
    Posts:
    26
    Yes, UnityWebRequest works as expected when using HTTP
    But on Android 8+
    android:usesCleartextTraffic="true"
    needs to be added to the manifest file
    Otherwise, you will get
    Unknown Error


    and when using HTTPS problems get fancier like you have to add
    <domain includeSubdomains="true">example.com</domain>

    or do some certificate validation stuff which i never understand

    And Ffs add it to your documentation, some photoshop skills

    unity docs: it's android bug they have to update their api
     
    Last edited: May 11, 2020
  40. Alkanov

    Alkanov

    Joined:
    May 15, 2017
    Posts:
    54
    I am getting this error "unable to complete ssl connection" for the first time on 3years.

    100% on Android

    A simple
    Code (CSharp):
    1. UnityWebRequest.Get("https://laurum.online/news.php");
    on Nox 6.6.05 replicates the issue for me
     
    Last edited: May 17, 2020
  41. Alkanov

    Alkanov

    Joined:
    May 15, 2017
    Posts:
    54
    Where you able to fix this?
     
  42. TheFellhuhn

    TheFellhuhn

    Joined:
    Feb 3, 2017
    Posts:
    42
    No. I just had to remove online support for those devices.
     
  43. Alkanov

    Alkanov

    Joined:
    May 15, 2017
    Posts:
    54
    I wouldn't say I was able to "fix it" but I was getting ready to split who could use http and https by android version, got my Nginx proxy manager up and running, requested a new certificate and to my surprise, the issue was now fixed. No more SSL errors.
     
  44. NakOhz

    NakOhz

    Joined:
    Mar 5, 2020
    Posts:
    6
    I'm using ELB of AWS and I'm crazy about 'Failed to receive data' or 'Unable to complete SSL connection'.

    'Failed to receive data' only in Android.

    'Unable to complete SSL connection' Android and IOS both.

    'Unable to complete SSL connection' is not 100%, but it occurs frequently when you first connect to the server. Of course, it happens sometimes in the middle.

    It doesn't necessarily happen to the same user, it happens intermittently.

    A forced retry when a problem occurs can somehow be resolved, but it is not a fundamental solution.

    There must be a clear guide.


    KeepAliveTime is set to ELB default time of 60 seconds.

    I Use CloudFront And GlobalAccelator.

    The same problem occurs for both solutions.

    I Use Unity 2019.3.2f1

    The same symptom was confirmed in 2019.4.0.

    It's so hard...

    Please give me a solution.
     
    Last edited: Aug 3, 2020
  45. NakOhz

    NakOhz

    Joined:
    Mar 5, 2020
    Posts:
    6
  46. NakOhz

    NakOhz

    Joined:
    Mar 5, 2020
    Posts:
    6

    Does the BestHttp plug-in not cause the problem except for the slow one?
     
  47. NakOhz

    NakOhz

    Joined:
    Mar 5, 2020
    Posts:
    6
    Finally, why do the same questions and problems repeat?

    I don't know what the point is,

    Failed to receive data

    Or

    Unable to complete SSL connection

    This is actually happening at a very high probability, and Unity should present a solution accordingly.

    I am using AWS' ACM's certificate and getting certification through ELB. This is a universal method used by so many people.

    And in the future, this approach will increase, and it will be fatal if the problem is not solved.
     
  48. happirt

    happirt

    Joined:
    Dec 30, 2018
    Posts:
    14
    I'm trying to setup UDP with IAP and getting this when trying to sandbox test on UDP. Is it related?

    Using 2018.4.5

    upload_2020-11-20_15-44-54.png
     
  49. Voxel-Busters

    Voxel-Busters

    Joined:
    Feb 25, 2015
    Posts:
    1,963
    Can someone share which 2018.4 version has the working solution?
     
  50. bdzsana2

    bdzsana2

    Joined:
    Aug 1, 2013
    Posts:
    10
    A little more info:
    I was able to reproduce the issue. It was occuring for about 10 minutes.
    The requests to our AWS server started to become extreamly slow, a bit later all failed with the SSL error message above. At that time period none of colleages experienced that issue, but it occured on all of my devices (android/editor)
    Than I realised I don't use the same internet provider as my coleages so I asked one of them to check with the same provider (Telekom), and after that he also got the same issue. Every other internet services were great and fast with that internet provider except our requests. Than after 10 minutes it solved itself and the requests became super fast again for everybody.
    The problem is that it occurs randomly and even it occurs for our players.
     
    Energy0124 and ina like this.