Unity TLS Internal Error : 4294936320

How to use SSLStream sockets with self-signed certificates?
I'm getting this error on AuthenticateAsServer:

TlsException: Handshake failed - error code: UNITYTLS_INTERNAL_ERROR, verify result: 4294936320

Here’s my server code:

Cert = new X509Certificate2("Assets/Certs/certificate.p12", CertPassword);
SslStream sslStream = new SslStream(new NetworkStream(client), false);
sslStream.AuthenticateAsServer(Cert, false, System.Security.Authentication.SslProtocols.Default, false);

Here’s my client code:

Cert = new X509Certificate2("Assets/Certs/certificate.pem");
SslStream = new SslStream(new NetworkStream(Client), true, (a, b, c, d) => { return true; });
SslStream.AuthenticateAsClient("127.0.0.1");

Have you figured this out? Thanks, David

@nyxassasin @kinetisense

The error you’re encountering is due to the use of a self-signed certificate. Unity’s TLS implementation doesn’t trust self-signed certificates by default, which causes the handshake to fail. To resolve this issue, you can create a custom certificate validation callback for your server and client code.

Server code:

Cert = new X509Certificate2("Assets/Certs/certificate.p12", CertPassword);
SslStream sslStream = new SslStream(new NetworkStream(client), false, ServerCertificateValidationCallback);
sslStream.AuthenticateAsServer(Cert, false, System.Security.Authentication.SslProtocols.Default, false);

And the server certificate validation callback:

private static bool ServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    return true; // Accept all certificates
}

Client code:

Cert = new X509Certificate2("Assets/Certs/certificate.pem");
SslStream sslStream = new SslStream(new NetworkStream(Client), true, ClientCertificateValidationCallback);
sslStream.AuthenticateAsClient("127.0.0.1");

And the client certificate validation callback:

private static bool ClientCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    return true; // Accept all certificates
}

Please note that this approach disables certificate validation, which is insecure and should be used for testing purposes only. In a production environment, you should use a proper certificate validation mechanism.
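
An added example, not part of the original posts and not Unity's own code: one form of proper validation for a self-signed certificate is to pin it, so the client accepts only the exact certificate it ships with instead of returning true. The class name, the `Connect` helper and the choice of pinning are assumptions; the certificate path is the one used in the posts above.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

public static class PinnedTlsClient
{
    // Assumption: the client ships only the server's public certificate
    // (no private key), at the path used in the posts above.
    private static readonly X509Certificate2 Pinned =
        new X509Certificate2("Assets/Certs/certificate.pem");

    // Accept the connection only if the server presents exactly the pinned certificate.
    private static bool ValidatePinnedCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // No certificate presented: nothing to compare, so reject.
        if (certificate == null ||
            (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            return false;

        // A self-signed certificate normally reports chain errors, and connecting
        // by IP address can report a name mismatch. Both are tolerated here only
        // because the byte-for-byte comparison below is stricter than either check.
        if (!certificate.GetRawCertData().SequenceEqual(Pinned.RawData))
            return false;

        // Pinning alone does not check dates, so enforce the validity window.
        DateTime now = DateTime.Now;
        return now >= Pinned.NotBefore && now <= Pinned.NotAfter;
    }

    // Hypothetical helper: wraps an already connected socket in a pinned TLS stream.
    public static SslStream Connect(Socket socket, string host)
    {
        var sslStream = new SslStream(new NetworkStream(socket, true), false,
            ValidatePinnedCertificate);
        try
        {
            sslStream.AuthenticateAsClient(host); // throws if the callback rejects
            return sslStream;
        }
        catch
        {
            sslStream.Dispose(); // also closes the socket (ownsSocket is true)
            throw;
        }
    }
}
```

Replacing the server certificate means shipping the new public certificate to clients, since any other certificate is rejected by design.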