Intermittent "Unable to complete SSL connection" errors with UnityWebRequest

This issue is very similar to the one in this thread .

Seemingly at random, HTTPS calls from our client will fail with “Unable to complete SSL connection”. Here’s a list of what we know so far, since it’s a complex issue:

  • Our game is using 2018.2.14f1. We haven’t tried a build on 2018.1 or earlier, which people in the other thread said might help, because it wouldn’t be feasible for production.

  • We haven’t found a reliable repro for the issue. Our client is currently PC-only, so we haven’t been able to see if it affects Android/iOS more or less often than PC, and we don’t have any users that report the issue 100% of the time. Our logging backs this up. We’ve made some builds that spam secure requests and let them sit overnight, but no repro so far.

  • When the issue is triggered, all secure calls made by that client within the next few seconds will fail with the same error. It seems to go away after that (i.e. it doesn’t affect the entire session for that client), but it can be triggered additional times during that session.

  • All domains and certificates seem to be affected once the issue is triggered, not just calls to a specific domain.

  • All secure UnityWebRequests are affected, but secure traffic over a previously established web socket is fine.

  • We’re fairly certain that it’s not tied to specific certificates or root CAs. No PCs are affected 100% of the time, which rules out a machine not having a cert in its local store. Additionally, most of our failures are on our analytics service simply because we call it more than anything else, and we’ve confirmed that those calls always use the same cert (i.e. there isn’t a broken cert somewhere in the load balancer that triggers the issue when hit, but the other nodes are fine).

  • Currently, our best lead is that most of the time – but not all of the time – the very first failure is actually an HTTP 400, and then subsequent calls hit “Unable to complete SSL connection”. We’re not sure what causes the 400s, and this could be a red herring, because it’s strange that a failed call would affect SSL handshakes on future calls. Our UnityWebRequests are in an IEnumerator like TitanUnity’s in the other thread, and they are properly disposed of between calls.

Our main takeaways are that the issue doesn’t happen to a given client 100% of the time and it goes away after a few seconds, so we’re thinking it’s a bug under the hood that affects all UnityWebRequests created in that time.

Happy to provide any additional info that might be useful. Thanks!

Could it be connection loss?
iOS is specific in this case, since for UnityWebRequest we don’t use a particular TLS library, UWR is implemented on top of NSURLSession (in latest versions, was NSURLConnection before).
You have the source code for backend available to you, see WWWConnection.mm and UnityWebRequest.mm under Classes/Unity in XCode project.

We’ve considered this, but our logging doesn’t show any evidence of connection loss, and websocket connections are fine when it happens. I’d also expect something closer to “could not find destination host” during outright connection loss than a repeated failure at the SSL/TLS stage.

Re: iOS: Our client is currently PC-only.

We are seeing this also, intermittent SSL Connection failures for the Unity Mapbox requests.

We are on MacOS and see it with both the Unity Editor, and WebGL build running in Safari, Firefox, and Chrome.

Since this is happening intermittently, I suspect it is a race condition.

I think the race condition could be at any level of the network API stack, though since I do not see this with anything other than our Unity project, it is somehow related to the Unity Network stack.

Here is one of the many console error messages:

MapBox web request failed, error=Unable to complete SSL connection, code=0, method=GET, url=https://api.mapbox.com/xxxxxx/v1/xxxxxx/ckr5ok4hc06d217n2xtsi3mn4/tiles/12/662/1579?access_token=xxxxxx&sku=xxxxxx, response header:
#0 GetStacktrace(int)
#1 DebugStringToFile(DebugStringToFileData const&)
#2 DebugLogHandler_CUSTOM_Internal_Log(LogType, LogOption, ScriptingBackendNativeStringPtrOpaque*, ScriptingBackendNativeObjectPtrOpaque*)
#3 (Mono JIT Code) (wrapper managed-to-native) UnityEngine.DebugLogHandler:Internal_Log (UnityEngine.LogType,UnityEngine.LogOption,string,UnityEngine.Object)

Note: Our requests use a custom MapBox style, TBD if it happens without that style.

We are also seeing intermittent “Cannot connect to destination host” errors.

The failing requests work later on and also later when using a browser, even if I hit reload on the browser repeatedly.

Example console error message:

MapBox web request failed, error=Cannot connect to destination host, code=0, method=GET, url=https://api.mapbox.com/styles/v1/xxxx/xxxx/tiles/15/5231/12659?access_token=xxxx&sku=xxxx, response header:

#0 GetStacktrace(int)
#1 DebugStringToFile(DebugStringToFileData const&)
#2 DebugLogHandler_CUSTOM_Internal_Log(LogType, LogOption, ScriptingBackendNativeStringPtrOpaque*, ScriptingBackendNativeObjectPtrOpaque*)
#3 (Mono JIT Code) (wrapper managed-to-native) UnityEngine.DebugLogHandler:Internal_Log (UnityEngine.LogType,UnityEngine.LogOption,string,UnityEngine.Object)