TLS 1.2 and Unity API

Introduction

Unity API is upgrading the security within the API and as such will be updating the TLS configuration to a minimum of version TLS 1.2 on Nov 1st, 2023 – with support for TLS 1.3 being added in addition ahead of this date.

Whilst most Unity API users (>99%) are already using TLS 1.2, those not using it may be impacted. To avoid any issues whilst using the API beyond this date it is recommended for Users to upgrade to TLS 1.2.

The following article explains what TLS is, why it is important to upgrade and general guidance on how to upgrade on local machines.

What is TLS?

Transport Layer Security (TLS) is a cryptographic protocol that ensures secure communication over computer networks.

As the name implies it provides privacy, data integrity and authentication between two communicating applications.

Why is it important?

• Confidentiality: TLS ensures that the data transmitted between two parties remains confidential. It encrypts the data, making it unreadable to anyone who intercepts it during transit.
• Data Integrity: TLS protects the integrity of the data by detecting any unauthorized modifications or tampering during transmission. It uses cryptographic techniques to ensure that the data received is the same as the data sent, without any alterations.
• Trust and Verification: TLS relies on digital certificates issued by trusted certificate authorities (CAs) to verify the authenticity of the communicating parties. This establishes trust between the client and the server, ensuring that the connection is secure.
• Compatibility and Interoperability: TLS is widely supported across different platforms, operating systems, and web browsers. It allows secure communication between a variety of devices and applications, enabling interoperability in the digital world.

Most devices on the Internet are already using TLS 1.2.

What is the difference between TLS 1.2 and previous versions?

In summary TLS 1.2 provides better security and performance than previous versions. It was first published back in 2008. Even though backward compatibility exists, this will not be available on the Unity servers due to the security risk posed.

Why the upgrade to TLS 1.2?

It offers:

1. Enhanced Security
2. Regulatory Compliance
3. Vulnerability Mitigation
4. Improved Performance

How to update to TLS 1.2

The information to upgrade your application to support TLS 1.2 will largely depend on the specific technology and operating system you're using.

Here are the steps you can follow to upgrade to TLS 1.2:

• Check Your Current TLS Version: First, identify which version of TLS your application is currently using when making requests to Unity API. The method for this will vary depending on your technology stack. AWS has a good resource recommending the use of Wireshark to check which TLS version has been negotiated for a connection. More information can be found on their site TLS 1.2 will be required for all AWS FIPS endpoints beginning March 31, 2021 | AWS Security Blog (amazon.com).
• Update Your Libraries: Many modern programming languages and frameworks support TLS 1.2 out of the box, but older ones may require you to update certain libraries.
• Configure Your Application: Ensure your application is configured to use TLS 1.2. This will depend on the specific language and framework you're using. Especially when your application is built on a Microsoft .NET Framework version earlier than 4.6.2 it could still be using TLS 1.0 or 1.1 only. Further information can be found at the following Microsoft resource Transport Layer Security (TLS) best practices with the .NET Framework - .NET Framework | Microsoft Learn
• Update Your API Calls: If your application is making API calls to a server that supports TLS 1.2, ensure those calls are being made using TLS 1.2. You may need to update your HTTP client or library if your application isn’t using TLS 1.2.
• Test Your Application: After making these changes, thoroughly test your application to ensure it's working correctly with TLS 1.2.