UnityWebRequest with TLS 1.2 on Android 4.4.4 with API 19

miloszcc · March 30, 2021, 1:30pm

Hello,

I would like to force the UnityWebRequest on the Android 4.4.4 device (API 19) to use the tls 1.2 proctocol when connecting to the server. I’ve checked that this device supports tls 1.2 by using Chrome browser. I’m using Unity 2018.4.33f1. Below you can find the errors I get from adb:

E/Unity   (15700): UnityWebRequest: errorCallback with error=javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7d3027c0: Failure in SSL library, usually a protocol error
E/Unity   (15700): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x685d9f10:0x00000000) url=<here-is-server-address>
E/Unity   (15700): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x7d3027c0: Failure in SSL library, usually a protocol error
E/Unity   (15700): error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x685d9f10:0x00000000)
E/Unity   (15700):
E/Unity   (15700): (Filename: /Users/builduser/buildslave/unity/build/Platforms/Android/Modules/UnityWebRequest/Transports/TransportAndroid.cpp Line: 474)

UnityWebRequest tries to use sslv3, which is an unsafe protocol. On newer Android devices (>= 5.0) the tls 1.2 protocol is used.
There was one issue related to this problem on the issue tracker:

but it was fixed in 5.5.0. Please let me know how to solve this problem.

Kurt-Dekker · March 30, 2021, 5:11pm

The 4.4.4 device might not support TLS1.2 in the operating system but rather only in Chrome, which could be updated separate to the OS being updated.

miloszcc · March 31, 2021, 2:26pm

Thanks for your answer. How to check if the OS supports TLS 1.2?

The options that I can see are:

Reimplement the communication with the server by using a new library (maybe asset?) that uses independent implementation of TLS 1.2.
Add support for SSLv3 on the server.

option requires some implementation effort, and I’m still not sure if it will work.
is unsafe for the users and I would like to avoid it.

Are there any other options?

Aurimas-Cernius · April 1, 2021, 8:55am

The TLS 1.2 is supported since Android 5, as I can quickly find.
If you use Unity 2019.4 or newer, you should have TLS 1.2 regardless Android version.
I don’t thing you need to go down to SSLv3, TLS 1.1 should be supported.

Topic		Replies	Views
[QUESTION] UnityWebRequest and SSL protocol on Android Unity Engine Scripting	2	1110	February 25, 2019
SSL, TLS on Android Unity Engine Android , Platforms	4	2867	April 13, 2018
SSL connectivity errors on Android Unity Engine Android , Platforms	15	8065	February 23, 2021
UnityWebRequest Connection error (SSL CA) on few devices Unity Engine Android , Platforms , Question	4	4145	October 3, 2022
UnityWebRequest SSL CA Certificate Error only on Android build Unity Engine Android , Platforms , Bug	2	958	June 27, 2024

UnityWebRequest with TLS 1.2 on Android 4.4.4 with API 19

Related topics