An error has occurred during a TLS handshake
CyborgTop
2022-08-05 13:58:40
Hi all! My application works on WebGL in the browser. The self-hosted server works on AWS (Windows Server 2019).
I have successfully connected from the Unity-Editor and from any browser (with http but not https) to my Photon server.
I use the following "PhotonServerSettings": ws://example.compute.amazonaws.com: port: 9090
[removed image]
But to work in WebGL, the site requires WSS otherwise the browser gives an error:
Mixed Content: The page at 'https://mytest.game-website.com/index.html' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://example.compute.amazonaws.com:9090/?libversion=4.1.6.17&sid=30&app=[...]&IPv6'. This request has been blocked; this endpoint must be available over WSS.
If I try to connect from the Unity-Editor with wss://example.compute.amazonaws.com: port: 19090
[removed image]
The editor shows the error:
"Connecting WebSocketsharp: An Error Has OcCurred During a Tls Handshake."
I created a subscription certificate according to the instructions. I put the certificate file (server.pem) in the "deploy/bin_win64/certs" folder; the certificate is successfully installed according to the logs.
What am I doing wrong? I can't find the answer. Please give advice.
PUN: 2.41
photon lib: 4.1.6.17
server: 5.0.12.7770 RC1
THX!!!
Comments
Hello, do you have SSL certificates installed?
Meep 2022-08-05T23:08:24+00:00
> Hello, do you have SSL certificates installed?

I generated a self-signed certificate server.pem as in the instructions, then put it in the folder "deploy\bin_Win64\certs". I converted "cert.key" and "cert.pem" to a .pfx file, then installed it as a trusted root certificate in the store.
Photon-LoadBalancing shows in the log:
I hoped that these logs indicate the correct installation of a certificate.
Hi, self-signed certs do not currently work. @chvetsov may have a better explanation but all I know is that they don't work in V5 of the server. You need a real one.
Meep 2022-08-06T17:33:50+00:00
> Hi, self-signed certs do not currently work. @chvetsov may have a better explanation but all I know is that they don't work in V5 of the server. You need a real one.

Thanks a lot for the advice, I'll try it.
hi, @CyborgTop
self signed certificates work only during development
for production case you need real one.
best,
ilya
chvetsov 2022-08-08T07:19:22+00:00
> hi, @CyborgTop
> self signed certificates work only during development
> for production case you need real one.
> best,
> ilya

hi. @chvetsov thanks for the answer.
I want to clarify if I understand you correctly.
For the development version I should use "ws:// with http://" but for the production version "wss:// with https://" with a valid certificate (NOT self-signed)?
Self-hosted Photon server v5+ does not support self-signed certificates for wss://? That's why the error occurred: "An Error Has OcCurred During a Tls Handshake."?
Thanks.
@CyborgTop
v5 supports self signed certificates for development. It is actually the clients that do not support self signed certificates. During development you run from Unity and it digests self signed stuff, but browsers do not allow it.
best,
ilya
@chvetsov
Ok. But I am getting this error (An Error Has OcCurred During a Tls Handshake) in the Unity Editor, not a browser. When I launch the project in the editor, it means development mode. Or am I confusing something?
hi, @CyborgTop
this topic is quite often painful for devs. for some it just works for some not.
is example.computer.amazonaws.com the real name? Can you connect to it using just tcp?
best,
ilya
Hi @chvetsov, that's not the real URL on AWS. I can connect to my server from WebGL only using ws://....((
When the protocol in PhotonServerSettings is set to TCP, Photon automatically switches the protocol to WebSocketSecure;
In the log: "WebGL requires WebSockets. Switching TransportProtocol to WebSocketSecure"
After switching the platform to Desktop (Mac, PC, Linux), the client successfully connected by IP or domain name.
I tried to create a trusted certificate with "Let's Encrypt" on my AWS, but ran into another problem:
An unexpected error occurred:
The server will not issue certificates for the identifier :: Error creating new order :: Cannot issue for "example.compute.amazonaws.com": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy
trying to fix this problem)
thnx.
Finally everything works))
I changed the domain name on the AWS server and created a trusted certificate.. all errors are gone. Clients successfully connect through WSS
@chvetsov , @Meep thanks guys, you are the best;
> After switching the platform to Desktop (Mac, PC, Linux), the client successfully connected by IP or domain name.

@CyborgTop where did you change it? did you connect using self signed certificate?
best,
ilya
chvetsov 2022-08-09T12:03:46+00:00
> > After switching the platform to Desktop (Mac, PC, Linux), the client successfully connected by IP or domain name.
>
> @CyborgTop where did you change it? did you connect using self signed certificate?
> best,
> ilya

No, I created a trusted free certificate for 90 days. With self-signed, WSS is not working...
I changed AWS domain name server, after this I was allowed to create a free trusted (valid) certificate
The cause of all the trouble was a self-signed certificate
WSS can be picky with certificates. Glad this got sorted!
While the AppId is not exactly something you can keep as a secret, we don't think you should have it in posts or screenshots, so I removed those in the first post. Sorry for the inconvenience. Would be awesome if you could edit the post to re-add the images with blurred AppId.
Tobias 2022-08-10T15:25:09+00:00
> WSS can be picky with certificates. Glad this got sorted!
> While the AppId is not exactly something you can keep as a secret, we don't think you should have it in posts or screenshots, so I removed those in the first post. Sorry for the inconvenience. Would be awesome if you could edit the post to re-add the images with blurred AppId.

Thanks a lot, my mistake. I was in a hurry). There was a small part of the app ID))
Thanks a lot.
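
Added example, not part of the original thread and not Photon's own code: a small Python probe that separates the failure stages discussed above (plain TCP reachability, whether the port speaks TLS at all, and whether the certificate is trusted for the host name). It validates against the trust store of the machine it runs on; the host and port are whatever you pass in, and the hint table covers only a few common OpenSSL verify codes.

```python
import socket
import ssl
import sys

# A few OpenSSL X.509 verify codes behind typical WSS certificate rejections.
VERIFY_HINTS = {
    10: "certificate has expired",
    18: "self-signed certificate that the client trust store does not contain",
    19: "self-signed certificate in the chain",
    20: "issuer not trusted, or an intermediate certificate is missing",
    62: "certificate does not cover the host name used in the wss:// URL",
}

def diagnose_wss(host, port, timeout=5.0):
    """Return (stage, detail); stage is 'tcp', 'tls', 'certificate' or 'ok'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"cannot reach {host}:{port}: {exc}")
    # Default context: system trust store plus host name verification.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("ok", f"{tls.version()} handshake with a trusted certificate")
    except ssl.SSLCertVerificationError as exc:
        hint = VERIFY_HINTS.get(exc.verify_code, exc.verify_message)
        return ("certificate", f"verify code {exc.verify_code}: {hint}")
    except (ssl.SSLError, OSError) as exc:
        # E.g. a wss:// client pointed at a plain ws:// port, or a reset.
        return ("tls", f"port did not complete a TLS handshake: {exc}")
    finally:
        raw.close()

if __name__ == "__main__":
    # Usage: python diagnose_wss.py <host> <port>
    print(diagnose_wss(sys.argv[1], int(sys.argv[2])))
```

A `certificate` result with code 18 matches the self-signed case in this thread; a `tls` result means the port is not answering with TLS at all, which is a different problem from certificate trust.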