Unity SSL TlsException

I am using Unity to build the client for my online game. The server uses REST with JWT and I have successfully integrated that with Unity since very early on in the project. The server runs on Heroku. I am attempting to switch to SSL for production. Heroku manages certificates for me (ACM). However, Unity is now complaining when it attempts to connect to the server for the first time via HTTPS.

Here is the error message:

TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates)

From the research I’ve done on other posts, the root problem appears to be that the Unity version (and thus, the mono version) I am using most likely cannot handle SHA256. Here is the most closely related thread I’ve found, which led me to this conclusion: Unity Issue Tracker Post. Other threads have suggested downgrading the encryption or telling Mono to accept the certificate without being able to validate it. Obviously, both of those are horrible security practices. Heroku will also not allow me to downgrade the cert security, anyway. Which is smart.

I am currently on Unity 5.4.3f1. My question is whether anyone can confirm:

  • Is my diagnosis likely correct?
  • And, if so, will upgrading Unity add support for this (and at what version)?

Right, problem solved. WebRequest cannot decrypt a SHA256 cert. I was using that for the auth call, as I said, because UnityWebRequest cannot handle the JWT token exchange. I did a test call and verified that UnityWebRequest otherwise can decrypt SHA256. So the limitation is definitely Mono v2.

I switched the auth call from WebRequest to WWW (the low level api or “LLAPI” as opposed to UnityWebRequest which is the high level api or “HLAPI”). After some testing, this appears to both handle SHA256 and handle the JWT token exchange correctly.

Thus, I have a probable solution. I will need to build to and test on my target platforms. All of the above was verified through the Unity player. Thanks to @Bunny83 for the assistance; the discussion got me to where I needed to be.

TL;DR:

  • Unity 5.4 (and probably also 5.5 and 5.6) cannot decrypt SHA256 certificates if you use .NET WebRequests, because mono v2.X only supports SHA1.
  • If you can use either UnityWebRequest OR WWW, which are both Unity tools that don’t depend on WebRequest, you should be okay.
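The workaround the answer above describes, written out as an added example (this is not code from the thread or from the poster's project): the JWT login goes through WWW, later authenticated calls go through UnityWebRequest with a Bearer header, and the .NET WebRequest/Mono TLS stack is never touched. Everything about the API is assumed for illustration: the Heroku base URL, a POST /auth/login endpoint taking JSON credentials and returning {"token": "..."}, and a GET /me endpoint that requires the token. The Send()/isError calls are the Unity 5.4 names (SendWebRequest()/isNetworkError from 2017.1).

```csharp
// Added example, not from the original post. Endpoint paths, JSON shapes and
// the base URL are assumptions made for illustration.
using System.Collections;
using System.Collections.Generic;
using System.Text;
using UnityEngine;
using UnityEngine.Networking;

[System.Serializable]
class LoginRequest { public string username; public string password; }

[System.Serializable]
class LoginResponse { public string token; }

public class ApiClient : MonoBehaviour
{
    // Assumed base URL of the Heroku app (ACM-managed certificate, SHA-256 signed).
    const string BaseUrl = "https://example-app.herokuapp.com";

    string jwt;   // kept in memory only; never logged or written to PlayerPrefs

    void Start()
    {
        // DON'T do this. It is the "accept the certificate without validating it"
        // workaround the thread rejects: it silences the TlsException by trusting
        // every certificate, so any on-path attacker can impersonate the server.
        // System.Net.ServicePointManager.ServerCertificateValidationCallback =
        //     (sender, cert, chain, errors) => true;

        StartCoroutine(LoginThenFetchProfile("player1", "hunter2"));
    }

    // Auth call through WWW (Unity's own HTTP stack), as the answer above does,
    // instead of System.Net.WebRequest, whose Mono 2.x TLS stack fails on the cert.
    IEnumerator LoginThenFetchProfile(string user, string pass)
    {
        string body = JsonUtility.ToJson(new LoginRequest { username = user, password = pass });
        var headers = new Dictionary<string, string> { { "Content-Type", "application/json" } };
        var www = new WWW(BaseUrl + "/auth/login", Encoding.UTF8.GetBytes(body), headers);
        yield return www;

        // WWW reports both transport failures and HTTP 4xx/5xx in .error.
        if (!string.IsNullOrEmpty(www.error))
        {
            Debug.LogError("login failed: " + www.error);
            yield break;
        }

        jwt = JsonUtility.FromJson<LoginResponse>(www.text).token;
        if (string.IsNullOrEmpty(jwt))
        {
            Debug.LogError("login response carried no token");
            yield break;
        }

        yield return StartCoroutine(FetchProfile());
    }

    // Authenticated call through UnityWebRequest, which the answer verified
    // handles the SHA-256 certificate; the JWT travels as a Bearer token.
    IEnumerator FetchProfile()
    {
        UnityWebRequest req = UnityWebRequest.Get(BaseUrl + "/me");
        req.SetRequestHeader("Authorization", "Bearer " + jwt);
        yield return req.Send();            // Unity 5.4 API name

        if (req.isError)                    // transport/TLS-level failure
        {
            Debug.LogError("profile request failed: " + req.error);
            yield break;
        }
        if (req.responseCode == 401)        // token rejected or expired: log in again
        {
            Debug.LogWarning("token rejected by server; re-authentication needed");
            jwt = null;
            yield break;
        }
        if (req.responseCode != 200)
        {
            Debug.LogError("unexpected HTTP status " + req.responseCode);
            yield break;
        }

        Debug.Log("profile: " + req.downloadHandler.text);
    }
}
```

Attach the component to any GameObject and watch the console. The point of the pattern is that certificate validation stays on: the fix is to route traffic through an HTTP client whose TLS stack can validate a SHA-256 signed chain, not to disable validation in the one that cannot.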

Hello, I have this script to read a simple XML file inside Unity:

using System.Xml.Linq;
using UnityEngine;

// URL of the remote XML file (the original value was not preserved in this post)
private string filepath = "mywebsite.com is available for purchase - Sedo.com";

public void Read()
{
    Debug.Log("eccolo");

    // XDocument.Load(url) downloads the file itself through System.Net.WebRequest
    XDocument doc = XDocument.Load(filepath);

    foreach (XElement el in doc.Root.Elements())
    {
        Debug.Log(string.Format("{0} {1}", el.Name, el.Attribute("id").Value));
        Debug.Log(string.Format("  Attributes:"));
        foreach (XAttribute attr in el.Attributes())
            Debug.Log(string.Format("    {0}", attr));
        Debug.Log(string.Format("  Elements:"));

        foreach (XElement element in el.Elements())
            Debug.Log(string.Format("    {0}: {1}", element.Name, element.Value));
    }
}

And I get this error when I call it:

TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010f
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates)
Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 ()

Can you help me please?

Thank you
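The same TlsException from XDocument.Load(url) has the same cause as the first post: XDocument.Load with a URL downloads the document through System.Net.WebRequest, i.e. through Mono's TLS stack. As an added example (not the poster's code), the version below fetches the bytes with WWW, which the answer above found handles the SHA-256 certificate, and hands the text to XDocument.Parse, which never touches the network. The URL is a placeholder assumption; the element iteration mirrors the poster's loop but no longer dereferences a missing id attribute.

```csharp
// Added example, not from the original post. The URL is an assumption.
using System.Collections;
using System.Xml;
using System.Xml.Linq;
using UnityEngine;

public class RemoteXmlReader : MonoBehaviour
{
    // Assumed location of the XML file over HTTPS.
    public string url = "https://example.com/items.xml";

    void Start()
    {
        StartCoroutine(Read());
    }

    IEnumerator Read()
    {
        // Download with Unity's HTTP stack instead of XDocument.Load(url),
        // which would go through System.Net.WebRequest and Mono's TLS validator.
        var www = new WWW(url);
        yield return www;

        if (!string.IsNullOrEmpty(www.error))
        {
            Debug.LogError("download failed: " + www.error);
            yield break;
        }

        // Parse the already-downloaded text; a malformed document must not
        // crash the coroutine, so catch XmlException and bail out.
        XDocument doc = null;
        try
        {
            doc = XDocument.Parse(www.text);
        }
        catch (XmlException e)
        {
            Debug.LogError("XML parse error: " + e.Message);
        }
        if (doc == null || doc.Root == null)
            yield break;

        foreach (XElement el in doc.Root.Elements())
        {
            // Attribute() returns null when the attribute is absent;
            // the original code would throw a NullReferenceException here.
            XAttribute idAttr = el.Attribute("id");
            string id = idAttr != null ? idAttr.Value : "(no id)";
            Debug.Log(string.Format("{0} {1}", el.Name, id));

            Debug.Log("  Attributes:");
            foreach (XAttribute attr in el.Attributes())
                Debug.Log(string.Format("    {0}", attr));

            Debug.Log("  Elements:");
            foreach (XElement element in el.Elements())
                Debug.Log(string.Format("    {0}: {1}", element.Name, element.Value));
        }
    }
}
```

Because the network step is a coroutine, Read() is started from Start() rather than called directly; on a Unity version where UnityWebRequest is available, the WWW call can be swapped for UnityWebRequest.Get(url) with the same parse step afterwards.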