Jump to content

[Updater] Updater communication does not utilize TLS


cry

Recommended Posts

NAME: Updater communication does not utilize TLS

DESCRIPTION: The updater uses a plain http connection to access remote resources. To avoid a whole class of unpleasant scenarios the updater should switch to the https schema.

REPRODUCIBILITY: Use the updater.

SCREENSHOT: https://i.imgur.com/nz5dF5Z.png

LOG: -

ADDITIONAL INFORMATION: The following, additional call is required to initiate the remote connection with TLS using the WebClient:

Quote

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

 

Link to comment
Share on other sites

  • 3 weeks later...

Thanks @cry for pointing that out. I am currently working on a new Updater which will for sure use TLS for its actions.

The current version was actually a pre release to have a nice looking launcher, a tool to keep the client updated and of course ... to start the game. There's nothing more than downloading files in it.
As you can see, the file download itself is done via http and not https, hence there's no call to set the SecurityProtocol explicitly. It would actually only add overhead to the calls.

The future version should have a login functionality, besides the file download and some other features, which will definitely only be accessible via https and TLS1.2 or even TLS1.3. For using TLS1.3 I'd need to drop older .NET Framework support since it is only available form .NET 4.8 and onwards. The community however still uses .NET 4.7.2 sometimes since there're still a lot of Windows 7 users out there. And afaik you need to manually download .NET 4.8 for Windows 7. It doesn't get installed automatically.

PS: I think I need to add a license that you're not allowed to decompile our applications. :) 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Terms of Use