Skip to content

Add support for TLS 1.3#36

Merged
simon-lemay-unity merged 1 commit into
masterfrom
tls1.3-support
Apr 9, 2026
Merged

Add support for TLS 1.3#36
simon-lemay-unity merged 1 commit into
masterfrom
tls1.3-support

Conversation

@simon-lemay-unity
Copy link
Copy Markdown

@simon-lemay-unity simon-lemay-unity commented Apr 7, 2026

This PR adds support for TLS 1.3 to our UnityTLS VTLS wrapper.

Note that these changes are not actually required to get TLS 1.3 working with UnityWebRequest. Our wrapper defers to UnityTLS to get the default protocol versions (through UNITYTLS_TLSCTX_PROTOCOLRANGE_DEFAULT) so if we update UnityTLS with TLS 1.3 support it will automatically be picked up here. The changes in this PR are only required if we want to explicitly tell Curl to use TLS 1.3, although I don't know if any of the ways to do so are actually exposed to users. Still, it's a good thing to be thorough and update Curl anyway.

The diff in unitytls.c looks huge because I normalized the line endings (for some reason the file was committed with CRLF but the rest of Curl uses LF only). Here are the changes to that file without the whitespace noise:

@@ -393,16 +393,15 @@ static CURLcode unitytls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy

   unitytls_tlsctx_callbacks callbacks = { unitytls_on_read, unitytls_on_write, cf };

-  /* unitytls only supports TLS 1.0-1.2 */
+  /* unitytls only supports TLS 1.2-1.3 */
   switch (conn_config->version)
   {
     case CURL_SSLVERSION_DEFAULT:
-    case CURL_SSLVERSION_TLSv1_0:
-    case CURL_SSLVERSION_TLSv1_1:
     case CURL_SSLVERSION_TLSv1_2:
+    case CURL_SSLVERSION_TLSv1_3:
       break;
     default:
-      failf(data, "unitytls only supports TLS 1.0-1.2");
+      failf(data, "unitytls only supports TLS 1.2-1.3");
       return CURLE_SSL_CONNECT_ERROR;
   }

@@ -456,15 +455,12 @@ static CURLcode unitytls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy
     case CURL_SSLVERSION_DEFAULT:
       protocol_range = unitytls->UNITYTLS_TLSCTX_PROTOCOLRANGE_DEFAULT;
       break;
-    case CURL_SSLVERSION_TLSv1_0:
-      protocol_range.max = protocol_range.min = UNITYTLS_PROTOCOL_TLS_1_0;
-      break;
-    case CURL_SSLVERSION_TLSv1_1:
-      protocol_range.max = protocol_range.min = UNITYTLS_PROTOCOL_TLS_1_1;
-      break;
     case CURL_SSLVERSION_TLSv1_2:
       protocol_range.max = protocol_range.min = UNITYTLS_PROTOCOL_TLS_1_2;
       break;
+    case CURL_SSLVERSION_TLSv1_3:
+      protocol_range.max = protocol_range.min = UNITYTLS_PROTOCOL_TLS_1_3;
+      break;
     default:
       failf(data, "Unrecognized/unsupported parameter passed via CURLOPT_SSLVERSION");
       return CURLE_SSL_CONNECT_ERROR;

@github-actions github-actions Bot added the TLS label Apr 7, 2026
Petezah
Petezah approved these changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown

@Petezah Petezah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense to me. Thanks!

@simon-lemay-unity simon-lemay-unity merged commit 0d55593 into master Apr 9, 2026
17 of 132 checks passed
@simon-lemay-unity simon-lemay-unity deleted the tls1.3-support branch April 9, 2026 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Petezah Petezah Petezah approved these changes

@jy-vivox jy-vivox Awaiting requested review from jy-vivox

Assignees

No one assigned

Labels

TLS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@simon-lemay-unity @Petezah