PlayFab recently sent me a warning stating that some of the traffic from my WebGL game is using TLSv1.0 and that they’re about to discontinue TLSv1.0 support.
What I dont understand is, whenever I log the traffic of my webgl using chrome tools, it states I am communicating via TLSv1.2.
This reads to me a likely explanation. TLS 1.2 was introduced in August 2008, so it should be widely supported anywhere. The client browser and the web server will negotiate TLS encryption settings, so this should be all automatic.
There is nothing that you as a WebGL platform game developer would be able to address, unless you are configuring your web server on your own; which sounds to me that PlayFab is doing for you?
Is PlayFab able to give you network traffic statistics of how much of the total bandwidth TLS < 1.2 constitutes?
Thank you so much for taking the time, I truly appreciate it.
To clarify, PlayFab is a BaaS tool which I use for user accounts and the client itself is hosted via nfoservers so do you mean the web server being communicated with(PlayFab) is what plays a role in the TLS settings or the web server the WebGL client is running on? (Seeing as the client game files are hosted on a webserver too)
My assumption is that the client browser and server being communicated with is all that matters, but just trying to clarify.
I will pass the question you posed to them as it was their suggestion to ask here.
What about a game running on Windows and communicating with PlayFab. Could it be possible that the windows version is using TLSv1? (Even though based on the docs, it supports v1.2?)
Is using TLSv1.2 something I have to enable?
They state that about 0.5% of requests are TLSv1 which leads me with 2 possibilities:
A tiny percentage of users using outdated browsers
My windows game servers (Since there are significantly less game servers than players)
I am afraid my knowledge ends beyond the web platform. Not quite sure if there might be a Windows game server component that would be using older TLS. Might be a shot to guide the question towards Windows sides of the forums to be sure.
On Web platform at least Unity does not govern any own implementations of TLS, it is all browser managed, so I know it would not be anything in Unity’s Web platform builds at least that could be doing this.
I pinged internally about this, and the reply I got back was
“Assuming any TLS-enabled component in the server uses UnityTLS under the hood to establish the session, clients should always offer support for TLS 1.2, unless explicitly told to do otherwise through authentication options.”
If that applies to you, then may be worth double checking the option.