An error has occurred during a TLS handshake

CyborgTop
edited August 2022 in Photon Server

Hi all! My application runs on WebGL in the browser. The self-hosted server runs on AWS (Windows Server 2019).

I have successfully connected from the Unity Editor and from any browser (with http, but not https) to my Photon server.

I use the following "PhotonServerSettings": ws://example.compute.amazonaws.com, port: 9090

[removed image]

But to work in WebGL, the site requires WSS; otherwise the browser gives an error:

Mixed Content: The page at 'https://mytest.game-website.com/index.html' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://example.compute.amazonaws.com:9090/?libversion=4.1.6.17&sid=30&app=[...]&IPv6'. This request has been blocked; this endpoint must be available over WSS.

If I try to connect from the Unity Editor with wss://example.compute.amazonaws.com, port: 19090

[removed image]

The editor shows the error:

"Connecting WebSocketSharp: An error has occurred during a TLS handshake."

I created a subscription certificate according to the instructions. I put the certificate file (server.pem) in the "deploy/bin_win64/certs" folder; the logs show that the certificate was installed successfully.

What am I doing wrong? I can't find the answer. Please advise.


PUN: 2.41

photon lib: 4.1.6.17

server: 5.0.12.7770 RC1


THX!!!

Answers

  • Meep
    Meep ✭✭✭

    Hello, do you have SSL certificates installed?

  • CyborgTop
    edited August 2022

    I generated a self-signed certificate server.pem as in the instructions, then put it in the folder "deploy\bin_Win64\certs". I converted "cert.key" and "cert.pem" to a .pfx file, then installed it as a trusted root certificate in the store.

    Photon-LoadBalancing shows in the log:

    I hoped these logs indicated the correct installation of the certificate.

  • Meep
    Meep ✭✭✭
    Answer ✓

    Hi, self-signed certs do not currently work. @chvetsov may have a better explanation but all I know is that they don't work in V5 of the server. You need a real one.

  • hi, @CyborgTop

    self-signed certificates work only during development.

    for the production case you need a real one.


    best,

    ilya

  • hi. @chvetsov thanks for the answer.

    I want to clarify if I understand you correctly.


    1) For the development version I should use "ws://" with "http://", but for the production version "wss://" with "https://" and a valid certificate (NOT self-signed)?


    2) Self-hosted Photon Server v5+ does not support self-signed certificates for wss://? Is that why the error occurred: "An error has occurred during a TLS handshake"?


    Thanks.

  • @CyborgTop

    v5 supports self-signed certificates for development. It is actually the clients that do not support self-signed certificates. During development you run from Unity, and it digests self-signed stuff, but browsers do not allow it.

    best,

    ilya

  • @chvetsov

    Ok. But I get this error (An error has occurred during a TLS handshake) in the Unity Editor, not in a browser. When I launch the project in the editor, it means development mode; or am I confusing something?

  • chvetsov
    chvetsov mod
    Answer ✓

    hi, @CyborgTop


    this topic is quite often painful for devs. For some it just works, for some it does not.

    is example.computer.amazonaws.com the real name? Can you connect to it using just TCP?


    best,

    ilya
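Ilya's two questions (is the name real, can you reach it over plain TCP?) are the right order in which to check a failing WSS connection: first the network path, then the TLS layer. The script below is an added example for this thread, not code from the original posts or from Photon. It opens a plain TCP connection to the endpoint, then performs a TLS handshake with the same certificate verification a browser or WebSocketSharp applies (chain anchored in a trusted CA, name matching the host you dial), and labels the outcome. A self-signed server certificate, the situation in this thread, shows up as `tls_cert_untrusted`; a listener that speaks plain WebSocket on the port shows up as `tls_other`. The host and port defaults are assumed placeholders taken from the question.

```python
"""Added diagnostic for "An error has occurred during a TLS handshake" (example code,
not part of the original thread or of Photon Server). Host/port are assumed values."""
import socket
import ssl
import sys

# Result labels returned by the check functions.
TCP_OK = "tcp_ok"
TCP_REFUSED = "tcp_refused"          # nothing listening, or security group blocks it
TCP_TIMEOUT = "tcp_timeout"          # packets dropped (firewall / wrong IP)
DNS_FAILED = "dns_failed"            # the name does not resolve
TLS_OK = "tls_ok"
TLS_CERT_UNTRUSTED = "tls_cert_untrusted"  # self-signed, unknown CA, or name mismatch
TLS_OTHER = "tls_other"              # handshake failed for another reason (e.g. plain ws:// listener)


def classify_error(exc):
    """Map an exception raised during connect/handshake to one of the labels above."""
    # SSLCertVerificationError is a subclass of SSLError, so it must be tested first.
    if isinstance(exc, ssl.SSLCertVerificationError):
        return TLS_CERT_UNTRUSTED
    if isinstance(exc, ssl.SSLError):
        return TLS_OTHER
    if isinstance(exc, socket.gaierror):
        return DNS_FAILED
    if isinstance(exc, ConnectionRefusedError):
        return TCP_REFUSED
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return TCP_TIMEOUT
    return "other:" + type(exc).__name__


def check_tcp(host, port, timeout=5.0):
    """Step 1: can we reach the port at all (Ilya's 'just TCP' question)?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return TCP_OK
    except OSError as exc:          # gaierror, timeout, ConnectionRefusedError are all OSError
        return classify_error(exc)


def check_tls(host, port, timeout=5.0, cafile=None):
    """Step 2: TLS handshake with browser-grade verification.

    create_default_context() loads the system trust store and enables hostname
    checking, which is what WSS clients do. Pass cafile=<your self-signed cert>
    only in development to confirm the server side works; browsers cannot do this.
    Returns (label, subject-alt-names-or-None).
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                # The names the certificate is valid for; the host you dial must be among them.
                names = [value for _kind, value in cert.get("subjectAltName", ())]
                return TLS_OK, names
    except OSError as exc:
        return classify_error(exc), None


def diagnose(host, port, cafile=None):
    """Run both steps and return a small report dict."""
    tcp = check_tcp(host, port)
    if tcp != TCP_OK:
        return {"tcp": tcp, "tls": None, "cert_names": None}
    tls, names = check_tls(host, port, cafile=cafile)
    return {"tcp": tcp, "tls": tls, "cert_names": names}


if __name__ == "__main__":
    # Assumed placeholders from the question; override on the command line.
    target_host = sys.argv[1] if len(sys.argv) > 1 else "example.compute.amazonaws.com"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 19090
    print(diagnose(target_host, target_port))
```

Read the report bottom-up: `tcp_refused` or `tcp_timeout` means the AWS security group or the Photon listener, not the certificate; `tls_cert_untrusted` with a self-signed cert is the thread's case and is only curable by a certificate from a CA the client trusts; `tls_ok` with `cert_names` that do not include the host you dial means the certificate is real but issued for a different name. Note that `check_tls` returns `tls_cert_untrusted` for a name mismatch as well, since Python reports it through the same verification error.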

  • Hi @chvetsov, that's not the real URL on AWS. I can connect to my server from WebGL only using ws://....((

    When PhotonServerSettings sets the protocol to TCP, Photon automatically switches the protocol to WebSocketSecure;

    In the log: "WebGL requires WebSockets. Switching TransportProtocol to WebSocketSecure"

    After switching the platform to Desktop (Mac, PC, Linux), the client successfully connects by IP or domain name.

    I tried to create a trusted certificate with "Let's Encrypt" on my AWS, but got another problem:

    An unexpected error occurred:

    The server will not issue certificates for the identifier :: Error creating new order :: Cannot issue for "example.compute.amazonaws.com": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy

    Trying to fix this problem)

    Thanks.

  • CyborgTop
    edited August 2022

    Finally everything works))

    I changed the domain name on the AWS server and created a trusted certificate.. all errors are gone. Clients successfully connect through WSS.

    @chvetsov , @Meep thanks guys, you are the best;

  • chvetsov
    chvetsov mod
    Answer ✓

    >After switching the platform to Desktop (Mac, PC, Linux), the client successfully connects by IP or domain name.

    @CyborgTop where did you change it? did connect using self signed certificate?


    best,

    ilya

  • CyborgTop
    edited August 2022

    No, I created a trusted free certificate for 90 days. With a self-signed one, WSS is not working...

    I changed the AWS domain name of the server; after this I was allowed to create a free trusted (valid) certificate.

    The cause of all the trouble was a self-signed certificate

  • Tobias
    Tobias admin
    Answer ✓

    WSS can be picky with certificates. Glad this got sorted!

    While the AppId is not exactly something you can keep as a secret, we don't think you should have it in posts or screenshots, so I removed those in the first post. Sorry for the inconvenience. Would be awesome if you could edit the post to re-add the images with blurred AppId.

  • Thanks a lot, my mistake. I was in a hurry). There was a small part of the app id))


  • Thanks a lot.