An error has occurred during a TLS handshake
Hi all! My application runs on WebGL in the browser. The self-hosted server runs on AWS (Windows Server 2019).
I have successfully connected from the Unity Editor and from any browser (with http but not https) to my Photon server.
I use the following "PhotonServerSettings": ws://example.compute.amazonaws.com: port: 9090
[removed image]
But to work in WebGL, the site requires WSS, otherwise the browser gives an error:
Mixed Content: The page at 'https://mytest.game-website.com/index.html' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://example.compute.amazonaws.com:9090/?libversion=4.1.6.17&sid=30&app=[...]&IPv6'. This request has been blocked; this endpoint must be available over WSS.
If I try to connect from the Unity Editor with wss://example.compute.amazonaws.com: port: 19090
[removed image]
The editor shows the error:
"Connecting WebSocketsharp: An Error Has OcCurred During a Tls Handshake."
I created a subscription certificate according to the instructions. I put the certificate file (server.pem) in the "deploy/bin_win64/certs" folder, and the logs show the certificate as successfully installed.
What am I doing wrong? I can't find the answer. Please give advice.
PUN: 2.41
photon lib: 4.1.6.17
server: 5.0.12.7770 RC1
THX!!!
Answers
-
Hello, do you have SSL certificates installed?
0 -
I generated a self-signed certificate server.pem as in the instructions. Then I put it in the folder "deploy\bin_Win64\certs". I converted "cert.key" and "cert.pem" to a .pfx file, then installed it as a trusted root certificate in the store.
Photon-LoadBalancing show in log:
I hoped that these logs indicate the correct installation of a certificate.
0 -
Thanks a lot for the advice, I'll try it.
0 -
hi, @CyborgTop
Self-signed certificates work only during development.
For the production case you need a real one.
best,
ilya
1 -
Hi @chvetsov, thanks for the answer.
I want to clarify if I understand you correctly.
1) For the development version I should use "ws:// with http://" but for the production version "wss:// with https://" with a valid certificate (NOT self-signed)?
2) Self-hosted Photon server v5+ does not support self-signed certificates for wss://? That's why the error occurred: "An Error Has OcCurred During a Tls Handshake."?
Thanks.
0 -
v5 supports self-signed certificates for development. It is actually the clients that do not support self-signed certificates. During development you run from Unity and it digests self-signed stuff, but browsers do not allow it.
best,
ilya
1 -
hi, @CyborgTop
This topic is quite often painful for devs. For some it just works, for some not.
Is example.computer.amazonaws.com the real name? Can you connect to it using just TCP?
best,
ilya
0 -
Hi @chvetsov, that is not the real URL on AWS. I can connect to my server from WebGL only using ws://....((
When the protocol in PhotonServerSettings is set to TCP, Photon automatically switches the protocol to WebSocketSecure.
In the log:
"WebGL requires WebSockets. Switching TransportProtocol to WebSocketSecure"
After switching the platform to Desktop (Mac, PC, Linux), the client successfully connected by IP or domain name.
I tried to create a trusted certificate with "Let's Encrypt" on my AWS, but ran into another problem:
An unexpected error occurred:
The server will not issue certificates for the identifier :: Error creating new order :: Cannot issue for "example.compute.amazonaws.com": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy
trying to fix this problem)
thnx.
0 -
>After switching the platform to Desktop (Mac, PC, Linux), the client successfully connected by IP or domain name.
@CyborgTop where did you change it? Did you connect using a self-signed certificate?
best,
ilya
0 -
No, I created a trusted free certificate for 90 days. With self-signed, WSS is not working...
I changed the AWS domain name server; after this I was allowed to create a free trusted (valid) certificate.
The cause of all the trouble was a self-signed certificate.
1 -
WSS can be picky with certificates. Glad this got sorted!
While the AppId is not exactly something you can keep as a secret, we don't think you should have it in posts or screenshots, so I removed those in the first post. Sorry for the inconvenience. Would be awesome if you could edit the post to re-add the images with blurred AppId.
0 -
Thanks a lot, my mistake. I was in a hurry). There was a small part of the app ID))
0 -
Thanks a lot.
0
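
The two checks discussed in this thread (plain TCP reachability, then whether the certificate passes browser-style validation) can be run separately before testing from WebGL. The following is an added example, not code from the thread or from Photon; `check_wss_endpoint` is a hypothetical helper, and the host and port are the placeholder values quoted above.

```python
import socket
import ssl

# OpenSSL verify codes that a browser-style validation most often trips on.
VERIFY_HINTS = {
    10: "certificate has expired",
    18: "self-signed certificate (not trusted by browsers)",
    19: "self-signed certificate in chain",
    20: "issuer not in the trust store (missing intermediate or private CA)",
    62: "certificate does not cover this hostname",
}


def check_wss_endpoint(host, port, timeout=5.0):
    """Return (stage, detail); stage is 'tcp', 'cert', 'tls' or 'ok'."""
    # Step 1: plain TCP, to rule out firewall / security-group problems.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"cannot reach {host}:{port}: {exc}")
    # Step 2: TLS with the system trust store and hostname checking enabled,
    # which is the validation a browser applies to a wss:// URL.
    ctx = ssl.create_default_context()
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return ("ok", f"{tls.version()}, valid until {cert['notAfter']}")
    except ssl.SSLCertVerificationError as exc:
        hint = VERIFY_HINTS.get(exc.verify_code, exc.verify_message)
        return ("cert", f"verify code {exc.verify_code}: {hint}")
    except (ssl.SSLError, OSError) as exc:
        return ("tls", f"TLS handshake failed: {exc}")


if __name__ == "__main__":
    # Placeholder host and WSS port from the thread; substitute your own.
    print(check_wss_endpoint("example.compute.amazonaws.com", 19090))
```

A `cert` result with verify code 18 corresponds to the self-signed case that turned out to be the cause here; `ok` means the endpoint presents a certificate the system trust store accepts for that hostname.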