WebSocketPeer uses TLSv1.2 and can't change to TLSv1.3 #92101
Comments
Please don't do that, this is a breach of our Code of Conduct. We can understand frustration, but we shouldn't have to put up with it in our bug tracker. This doesn't make contributors want to help solve your issue. Now, if you could provide links to the documentation you're talking about and details in what you think is lacking, that would be constructive and actionable. |
This whole article is useless - https://docs.godotengine.org/cs/4.x/classes/class_websocketpeer.html |
|
Please define "useless", that's not in any way constructive or actionable criticism. I see a lot of useful information there myself. Some descriptions might be lacking, and to know in what way they are lacking, we would benefit from you explaining what you were expecting to find and couldn't. |
|
I'm expecting to find how to change TLS version at least |
|
Ok, I heard that TLSv1.3 is due to be added soon. If it's true, then the issue can be closed. |
Where did you hear this? I don't know if Godot uses a recent enough mbedTLS version to support TLS 1.3 (it probably does already). |
|
|
|
TLSv1.3 is supported by the used version of mbedTLS, but it is disabled: godot/thirdparty/mbedtls/include/godot_module_mbedtls_config.h Lines 62 to 65 in 8e2141e |
|
So some actionables:
@godotengine/network |
The documentation states This is part of the WebSocket standard (should we add this link in the docs?) and has nothing to do with the TLS version (which is not part of WebSocket itself). The TLS version supported is explained in the HTTPClient, we should link to it from the websocket docs (like we do in the HTTPRequest class), and probably update it because AFAIR support for TLSv1.0/1.1 has been dropped (they have long been deprecated as insecure), so only TLSv1.2 is supported right now (98% of the web). |
Tested versions
v4.2.1.stable.official [15073af]
...
Godot_v4.3-dev6_linux
System information
Godot v4.2.2.stable - Ubuntu 23.10 23.10 - X11 - GLES3 (Compatibility) - llvmpipe (LLVM 15.0.7, 256 bits) () - AMD Ryzen 9 5900X 12-Core Processor (24 Threads)
Issue description
I'm connecting to a WSS source from Godot. Wireshark shows that it uses TLSv1.2 protocol.
The connection is STATE_OPEN, but packets are not sent from server to me.
When I'm testing the same WSS address in Postman everything works perfectly and Wireshark shows that TLSv1.3 is used. Also there are some other differences.
Also, the documentation is absolutely useless. So nobody knows if this is a Godot bug, or just outdated version or something that is possible to fix in code, but unclear how!
I asked about the problem 4 times in discord and literally 0 answers.
Steps to reproduce
connect to any websocket that is uses TLSv1.3
Minimal reproduction project (MRP)
Archive.zip
For some unclear reason this MRP can't even connect with 100% the same code as original.
The original can at least connect, although doesn't receive anything
The text was updated successfully, but these errors were encountered: