UnityWebRequest - Unable to complete SSL connection

Tautvydas-Zilys, Aurimas-Cernius: what's the latest on the fix? I heard from a Microsoft employee that unity was targeting a fix for mid September, are you still on track?

 

When we released the app, we planned to use two types of servers: API and CDN.
SSL connection to CDN server failed only on Android build using Unity2019.2.3f1.
The exception at this time was Unable to complete SSL connection.

However, the SSL connection to the API server was successful,
Also, Android build on Unity2018.4.8f1 was able to connect to CDN normally.

Oddly enough, the iPhone build does not fail SSL connections to these servers.

For this reason, we investigated the differences in UnityRequest for Android builds on Unity2018 and Unty2019 and posted them to UnityAnswers, but there seems to be differences in the headers.
https://answers.unity.com/questions/1663181/is-the-unityewbrequest-header-of-android-build-of.html

We solved the problem by copy the API server's certificate to that of the CDN server, although we had no problems connecting using the iPhone.

I hope this survey will help.

 

Will this fix also fix it on Windows 10? I run into this issue a good amount (for some odd-ball reason), and oddly enough, most of the time I'm actually trying to request data from Unity's own Unity Cloud Build API to get updated builds (which we then download), or sometimes the URL to the build to download will fail (which is hosted on S3 I believe). We usually just get a response code of "0" with the failed web request (no others reported in the request itself). We finally narrowed it down to a certificate issue, which I have been getting around by either overriding the certificate handler and just returning "true" (super safe...) or switching the URL to http (instead of https).

I was reviewing this thread today which I had found some many months ago because I was running into the issue again except this time it was for our own AWS servers (and only occurs on 1 specific computer, which of course is the deploy computer so it ONLY HAS TO WORK ON THAT ONE... but doesn't ), and saw that people mentioned if the issue occurs, go to the website in question in Edge and it'll fix it. And so I tried that... and low and behold it worked.

So it would be nice if this fix that is coming up fixes it for Windows as well as Hololens/Xbox, which I am hoping is what they meant but only specified those two platforms.

 

Tautvydas-Zilys: I've been looking out every day for a unity upgrade. Do you know when it will be ready?

 

Ok, waiting 2019.2 or 2018.4 since that's the version we're on right now.

 

Any news on this? We have a lot of users that are facing this problem..

 

Still waiting on the fix getting into 2019.2

 

Amazing, thank you!

 

https://unity3d.com/unity/whats-new/2018.4.10
Windows: Fixed TLS handshake Windows/UWP when root certificate is trusted by the system but not yet in it's certificate store. (1076758, 1175308)

 

After upgrading unity to 2018.4.f10, still getting "Unable to complete SSL connection" error on some android devices. Do you have any idea ?

 

We're seeing the same thing, still several hundred 'Unable to complete SSL connection' errors each day after upgrading clients to 2018.4.10.

 

I can reproduce this error in Unity Editor (2019.1.14f1, Windows 64 bit)

I made stress test that download 500 mb of asset bundles using UnityWebRequests that works simultaneously.
And after bundle data downloaded (unityWebRequestAsyncOperation.isDone) I call DownloadHandlerAssetBundle.GetContent() to load asset bundle in memory.

But in some cases during call DownloadHandlerAssetBundle.GetContent() garbage collector starts working hard (1+ minute), and during this time none of async operations reported that hey are done.
But after 1+ minute waiting some request ends with error "Unable to complete SSL connection" or "Failed to receive data"

If I change test - firstly download all bundle data (omtiting cache) and after all I call DownloadHandlerAssetBundle.GetContent() to load it in to memory, everything works fine on 20+ runs.

So if you continue digging this bug, try take interactions between GC and UnityWebRequest in account. I think some timeout occurs during download thread paused by GC.

P.S. In some cases main test suceeded, in attachments two logs: sucessfull run and run with errors. Line with "+" - begin request, "-" end request. GC.Collect lines produced from folowing code.

Spoiler: GCWatcher

Code (CSharp):

1. // call new GCWatcher() without storing ref to it! WARNING: onFinalizer called from different thread!
2. class GCWatcher
3. {
4.     Action onFinalizer;
5.     public GCWatcher(Action onFinalizer)
6.     {
7.         this.onFinalizer = onGC;
8.     }
9.  
10.     ~GCWatcher()
11.     {
12.         onFinalizer();
13.         new GCWatcher(onFinalizer);
14.     }
15. }

 

I'm facing this issue with Unity 2018.3.9f1. It works correctly on editor (OSX), but fails when built into an iPhone.

I have also tried a custom certificateHandler, and again it works on editor, but looks like the iOS build don't use it. I've added some debug inside the ValidateCertificate method, and I see them on the editor, not in the Xcode output.

Another curious thing, It always works in our develop server (cert is LetsEncrypt), but always fails in our client stage server (cert is Entrust). The cert seems correct both from computer and iPhone browsers.

Any ideas?

Here is the Xcode output:

Downloading appConfig.json using UnityWebRequest
2019-10-24 11:38:19.573778+0200 kitzapp[4043:970698] [BoringSSL] boringssl_context_alert_callback_handler(3724) [C1.1:2][0x11a8e3f60] Alert level: fatal, description: handshake failure
2019-10-24 11:38:19.573843+0200 kitzapp[4043:970698] [BoringSSL] boringssl_session_errorlog(224) [C1.1:2][0x11a8e3f60] [boringssl_session_handshake_incomplete] SSL_ERROR_SSL(1): operation failed within the library
2019-10-24 11:38:19.573874+0200 kitzapp[4043:970698] [BoringSSL] boringssl_session_handshake_error_print(205) [C1.1:2][0x11a8e3f60] 4777775144:error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:/BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl/boringssl-109.250.2/ssl/tls_record.cc:586:SSL alert number 40
2019-10-24 11:38:19.573891+0200 kitzapp[4043:970698] [BoringSSL] boringssl_session_handshake_error_print(205) [C1.1:2][0x11a8e3f60] 4777775144:error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO:/BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl/boringssl-109.250.2/ssl/handshake.cc:576:
2019-10-24 11:38:19.573902+0200 kitzapp[4043:970698] [BoringSSL] boringssl_context_get_error_code(3545) [C1.1:2][0x11a8e3f60] SSL_AD_HANDSHAKE_FAILURE
2019-10-24 11:38:19.580300+0200 kitzapp[4043:970698] TIC TCP Conn Failed [1:0x281014900]: 3:-9824 Err(-9824)
2019-10-24 11:38:19.581237+0200 kitzapp[4043:970698] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2019-10-24 11:38:19.581256+0200 kitzapp[4043:970698] Task <AD4E6A5F-EDA5-47C0-B134-1F417AD96F2B>.<0> HTTP load failed (error code: -1200 [3:-9824])
2019-10-24 11:38:19.581391+0200 kitzapp[4043:970706] NSURLConnection finished with error - code -1200
Error downloading appConfig.json: Unable to complete SSL connection

 

I have migrated the project to Unity 2018.4.11 to check if there is some fix for that in newer versions, but the issue is still there.

Any help will be appreciated. Thanks!

 

Hey guys, I had a similar issue. For me I was getting one user reporting this error. It turns out that too many requests were being sent too quickly and his network ended up timing out at 70 requests and failed the one immediately after the limit then failed the ones after that with the SSL connection errors.

My solution is to just wait in between batches of requests to avoid this issue.

 

We have it on 2018.4.6

I ve implemeted custom certificateHandler for android and ios platform to skip certificate validation (always return true) but unfortunalty it was unsuccessful. Any ideas?

 

I think the problem, at least for my case, is that the certificate is not being even downloaded. There is a handshake error during initial connection, and server aborts or block the call.

So we are never calling the ValidateCertificate method in the custom handler.

I've discovered that it works when I use BestHTTP instead of UnityWebRequest. The problem with BestHTTP is that, due to the TLS implementation done in C#, the download is way too long, like 10x (6 seconds to 62) with a 120Mb asset bundle.

To add more confussion, the download works without issues from Android devices, so the problem appears only on iOS builds.

 

Hi. I ran into TLS handshake failure a problem and ended to this thread. I built my Windows Standalone app using Unity 2018.4.0f1. The app simply sends a HTTPS GET requests using UnityWebRequest when the app is started. On my development PC (Windows 10) it succeeds, but on another laptop (also Windows 10) it fails and I get "Handshake failure" when looking at the traffic with Wireshark. See the screenshots below:



I tried updating to to Unity 2018.4.12f1 but the problem persisted.
Both PC:s have the latest updates from Windows Update.

I am out of ideas how to tackle this. I thought this should be already fixed in 2018.4.12f1, but am I mistaken?

 

Yes, I was able to access the same url on Firefox. But now the problem is gone, and im not entirely sure why - maybe something triggered the update on the Windows certificates (cannot be accessing the site with Firefox, as it has its own certificate storage afaik).

 

Still having this problem on 2018.4.6f

Apr. 16% of incomming players struggling with this error. How can we resolve this?

Platform is android

 

With a build made with 2018.4.0f1 it seems it is possible to fix this issue by visiting the URL with Internet Explorer. So are you saying, if we update to 2018.4.12.f1, the trick with IE wouldn't be necessary?

 

We are having same problem: "Unable to complete SSL connection"

Mostly iOS 13 Users are affected with hundreds of failed requests.

Any solution yet ?

 

What's the current status here? We have launched a new app this January and are getting a number of these on both iOS and Android from Unity 2018.4.13f1 builds. Reading through this thread, I'm still unclear whether it's a UnityWebRequest issue or if switching to an alternative HTTP library would be a good workaround?

 

This has suddenly started happening for my application on older Android variants.
These users were having no problems but one day to next no web access for my app.
I think perhaps the increase in internet load due to everybody working at home has triggered this.
I had to downgrade my Android device to 4.4.2 but now am able to reproduce it every time. Prior to that I was on Android 6 and had no issues. One user has since upgraded devices and the issue went away with the newer Android version.
Any ideas or workarounds?
Why was the bug closed it doesn't seem resolved:
https://fogbugz.unity3d.com/default...498.810347104.1585893966-655320853.1585893966

 

I have the same problem with my app (made with Unity 2018.4.19f1) on Android 4.4.2 (ARM 32bit). I can't access the API via https with the app or the internal (Samsung) browser. It works fine with Chrome on the same device. According to ssl-trust.com my certificate is fine and it works on all other platforms/Android versions so far (AFAIK).

I don't want to write a custom certificate validation as that is not future proof.

EDIT: One problem could be that my Cert Chain of Trust contains "Let's Encrypt" which Android 4.4.2 doesn't know anything about.

EDIT2: Attached the Unity log. The server doesn't even have a log about the failed connection attempt.

EDIT3: Or its reliance on SSLv3 which is deemed obsolete and insecure.

EDIT4: Forcing TLS or a custom certificate handler also doesn't work.

 

For those who want to do simple data reading from a website
Good old WWW is your best friend

disable the obsolete warning cause UnityWebRequest itself is obsolete heh jk

#pragma warning disable CS0618

WWW wwwlord = new WWW(URL);

 

Yes, UnityWebRequest works as expected when using HTTP
But on Android 8+

android:usesCleartextTraffic="true"

needs to be added to the manifest file
Otherwise, you will get

Unknown Error

and when using HTTPS problems get fancier like you have to add

<domain includeSubdomains="true">example.com</domain>

or do some certificate validation stuff which i never understand

And Ffs add it to your documentation, some photoshop skills

unity docs: it's android bug they have to update their api

 

I am getting this error "unable to complete ssl connection" for the first time on 3years.

100% on Android

A simple

Code (CSharp):

1. UnityWebRequest.Get("https://laurum.online/news.php");

on Nox 6.6.05 replicates the issue for me

 

Where you able to fix this?

 

No. I just had to remove online support for those devices.

 

I wouldn't say I was able to "fix it" but I was getting ready to split who could use http and https by android version, got my Nginx proxy manager up and running, requested a new certificate and to my surprise, the issue was now fixed. No more SSL errors.

 

I'm using ELB of AWS and I'm crazy about 'Failed to receive data' or 'Unable to complete SSL connection'.

'Failed to receive data' only in Android.

'Unable to complete SSL connection' Android and IOS both.

'Unable to complete SSL connection' is not 100%, but it occurs frequently when you first connect to the server. Of course, it happens sometimes in the middle.

It doesn't necessarily happen to the same user, it happens intermittently.

A forced retry when a problem occurs can somehow be resolved, but it is not a fundamental solution.

There must be a clear guide.


KeepAliveTime is set to ELB default time of 60 seconds.

I Use CloudFront And GlobalAccelator.

The same problem occurs for both solutions.

I Use Unity 2019.3.2f1

The same symptom was confirmed in 2019.4.0.

It's so hard...

Please give me a solution.

 

IOS even has a memory leak issue.

https://answers.unity.com/questions/1704812/unity-ios-13-memory-leak-crashunity-ios-13-memory.html


And Similar issue

https://forum.unity.com/threads/rest-request-to-ssl-server-failed-to-receive-data.651616/

 

Does the BestHttp plug-in not cause the problem except for the slow one?

 

Finally, why do the same questions and problems repeat?

I don't know what the point is,

Failed to receive data

Or

Unable to complete SSL connection

This is actually happening at a very high probability, and Unity should present a solution accordingly.

I am using AWS' ACM's certificate and getting certification through ELB. This is a universal method used by so many people.

And in the future, this approach will increase, and it will be fatal if the problem is not solved.

 

I'm trying to setup UDP with IAP and getting this when trying to sandbox test on UDP. Is it related?

Using 2018.4.5

 

Can someone share which 2018.4 version has the working solution?

 

A little more info:
I was able to reproduce the issue. It was occuring for about 10 minutes.
The requests to our AWS server started to become extreamly slow, a bit later all failed with the SSL error message above. At that time period none of colleages experienced that issue, but it occured on all of my devices (android/editor)
Than I realised I don't use the same internet provider as my coleages so I asked one of them to check with the same provider (Telekom), and after that he also got the same issue. Every other internet services were great and fast with that internet provider except our requests. Than after 10 minutes it solved itself and the requests became super fast again for everybody.
The problem is that it occurs randomly and even it occurs for our players.