Code: Select all
[SFS > ERROR] [WebSocketLayer] Connection error: An exception has occurred while connecting. at WebSocketSharp.WebSocket.setClientStream () [0x00000] in <filename unknown>:0
at WebSocketSharp.WebSocket.doHandshake () [0x00000] in <filename unknown>:0
at WebSocketSharp.WebSocket.connect () [0x00000] in <filename unknown>:0
UnityEngine.Debug:Log(Object)
Connector:ShowLogMessage(String, String) (at Assets/ConnectorAssets/Scripts/Connector.cs:214)
Connector:OnErrorMessage(BaseEvent) (at Assets/ConnectorAssets/Scripts/Connector.cs:208)
Sfs2X.Core.EventDispatcher:DispatchEvent(BaseEvent)
Sfs2X.SmartFox:ProcessEvents()
Connector:Update() (at Assets/ConnectorAssets/Scripts/Connector.cs:57)
After a bit of troubleshooting, I think I have arrived at the root cause.
Code: Select all
nmap --script +ssl-enum-ciphers -p 8443 172.16.10.18
PORT STATE SERVICE
8443/tcp open https-alt
| ssl-enum-ciphers:
| TLSv1.0: No supported ciphers found
| TLSv1.1: No supported ciphers found
| TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong
| TLS_RSA_WITH_AES_128_CBC_SHA256 - strong
| TLS_RSA_WITH_AES_128_GCM_SHA256 - strong
| compressors:
| NULL
|_ least strength: strong
Nmap done: 1 IP address (1 host up) scanned in 0.76 seconds
All ciphers on offer from the SFS server are using SHA256. But when I do a wireshark capture on the Unity client, I see:
Code: Select all
Secure Sockets Layer
TLSv1 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 69
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 65
Version: TLS 1.0 (0x0301)
Random: 5b36f41993cd5c90d858366f94855012e984255e8b5715dd...
GMT Unix Time: Jun 30, 2018 08:38:09.000000000 India Standard Time
Random Bytes: 93cd5c90d858366f94855012e984255e8b5715dd5f5eb833...
Session ID Length: 0
Cipher Suites Length: 26
Cipher Suites (13 suites)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 (0x0060)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 (0x0061)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x0062)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
None of the cipher suits offered by the client have SHA256. Therefore there is none common, and hence the handshake fails.
1. Am I correct in my RCA?
2. If yes, how can I solve this? I don't want to use SHA1 or MD5 at the server side; my preference is to change things on the client side to work with SHA256.
Also, the server does not seem to be offering AES256. Is it something I can enable with a switch?