Using the following code with Scripting Runtime Version .NET 4.6
using System.Net.Security;
using System.Net.Sockets;
using UnityEngine;
public class TlsTest : MonoBehaviour{
    void Start(){
        TcpClient client = new TcpClient ();
        client.Connect ("localhost", 56782);
        SslStream ssl = new SslStream (client.GetStream());
        ssl.AuthenticateAsClient ("localhost");
    }
}
gives me this error:
Assets/Main.cs(8,19): error CS0012: The type `Mono.Security.Interface.IMonoSslStream' is defined in an assembly that is not referenced. Consider adding a reference to assembly `Mono.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756'
Using the code with .NET 3.5 is fine BUT .NET 3.5 is missing TLS 1.2 (4.6 should have it).
Since I need TLS 1.2, using .NET 3.5 isn’t a solution.
Assets/Main.cs(8,19): error CS7069: Reference to type `Mono.Security.Interface.IMonoSslStream' claims it is defined assembly `Mono.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756', but it could not be found
Actually when we build Mono for Unity we don’t include TLS 1.2 support, as how it is supported and implemented varies across platforms. We’re currently working on a common backend which will support TLS 1.2, but it is not ready yet.
So the new Mono runtime has the same TLS support as the old Mono runtime - which is to say - not much. We’re working to improve that.
Thanks for the answer!
For my next iOS and Android project TLS1.2 will be mandatory.
Do you think you are able to implement it by the end of the year?
If not, I’m going to use the platforms’ native SSL engines and build a workaround, but an out-of-the-box Unity would be much cooler.
Thank you for this update, I have been looking forward to TLS 1.2 support for years. Will that support allow for System.Net.Protocol to be used instead of mono or will it be a custom build from Unity that allows TLS 1.2 encryption over sockets to be possible on iOS? Most of my back-end server uses custom asynchronous socket management, but the TLS limitations prevent me from using TLS 1.2.
I prefer direct socket management as I have full control of who and what is connecting to my server, allowing me to isolate sensitive data and protect it better. Thus, I don’t use web-based HTTPS calls unless I have to. For example, I know UnityWebRequest handles TLS 1.2 just fine, but I don’t use HTTPS calls, which build and tear down the socket; I maintain a socket connection with the Socket class.
I would be open to moving to TPL if it supported TLS12 on all of the platforms, but I would like to maintain that socket level control.
We will have TLS1.2 on all platforms in 2018.2 via UnityWebRequest, SSLStream and other higher level .Net45 classes like HttpClient.
As far as I know, UnityWebRequest does not support TLS on all platforms currently.
I’m not sure though what you mean with System.Net.Protocol. Also, I don’t know what TPL is in this context, can you give a few more details maybe? Thanks!
UnityWebRequest is more focused on website, webserver based HTTP requests. The Socket Class is using Mono for the TLS security, it’s outdated, that’s what needs to be updated. The System.Net.Protocol is just related, it’s where the enum is for Tls12.
TPL is just the Task Parallel Library, it’s another way to implement an asynchronous socket server, though I don’t know a lot about it, I believe it wraps around the Socket class at a higher level. I would hope Unity has discussed in detail how to get the Socket class up to speed by now as I have brought this up for years…
If you’re talking about System.Net.Sockets.Socket, it is not using any SSL/TLS at all. After all, it is just a socket. As such it is not aware of any higher level protocols and operates solely on UDP/TCP. You can of course use Socket with SSLStream though.
What is it that you are missing with the Socket? I’m fairly new here, so I think I missed any concerns about it.
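Added example (not part of any post in this thread, and not Unity's code): the Socket-plus-SslStream arrangement described in the reply above, written with standard .NET calls, offering TLS 1.2 only and checking what was actually negotiated. It assumes a runtime whose SslStream supports TLS 1.2 and implements the SslProtocol property, which this thread says Unity's Mono did not at the time; the class name Tls12SocketClient is hypothetical, and the host and port are the ones from the first post.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;

// Hypothetical helper class, added for illustration only.
public static class Tls12SocketClient
{
    // Connects a plain TCP Socket, then layers TLS on top with SslStream.
    // The Socket itself knows nothing about TLS; SslStream does the handshake.
    public static SslStream Connect(string host, int port)
    {
        var socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
        socket.Connect(host, port);

        // ownsSocket = true: disposing the stream also closes the socket.
        var network = new NetworkStream(socket, true);
        // No validation callback is passed, so the runtime's default
        // certificate chain and host-name checks are not overridden.
        var ssl = new SslStream(network, false);
        try
        {
            ssl.AuthenticateAsClient(
                host,                // must match the name in the server certificate
                null,                // no client certificates
                SslProtocols.Tls12,  // offer TLS 1.2 only, no fallback to TLS 1.0
                true);               // check certificate revocation

            // Verify the negotiated version instead of trusting the request.
            if (ssl.SslProtocol != SslProtocols.Tls12 || !ssl.IsEncrypted)
                throw new AuthenticationException(
                    "Negotiated " + ssl.SslProtocol + ", expected Tls12");
            return ssl;
        }
        catch
        {
            ssl.Dispose();           // also closes the underlying socket
            throw;
        }
    }

    public static void Main()
    {
        using (var ssl = Connect("localhost", 56782))
            Console.WriteLine("Negotiated " + ssl.SslProtocol);
    }
}
```

On a runtime that cannot negotiate TLS 1.2, AuthenticateAsClient throws instead of silently falling back to TLS 1.0.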
That is the issue ticket. The TLS protocol does not work above TLS v1.0. So for example,
System.Security.Authentication.SslProtocols.Tls11 or Tls12 cannot be used.
SslStream.BeginAuthenticateAsServer(ClientCertificate, true,
System.Security.Authentication.SslProtocols.Tls, true, new AsyncCallback(AuthenticateCallback), newClient);
Version Unity 2018.2.0b3, has a similar issue, but the overall problem of TLS above v1.0 is still not working. Though the error is different now. I know they’re working on it, I submitted a bug for b1, however the issue remains in b3.
@Bhearus : I replied on your issue via fogbugz, but here again for everyone to read:
Your specific error is caused by accessing one of the SslStream properties that are on Mono’s “internal todo” list. That means that we are not getting them in our backend at all yet. We could go ahead and implement them ourselves, but that would mean conflicts in the near future, thus making it harder for us to keep things up to date.
So I’m sorry to say that we won’t fix this for 2018.2
Affected are: