cry Posted January 18, 2021 Share Posted January 18, 2021 NAME: Updater communication does not utilize TLS DESCRIPTION: The updater uses a plain http connection to access remote resources. To avoid a whole class of unpleasant scenarios the updater should switch to the https schema. REPRODUCIBILITY: Use the updater. SCREENSHOT: https://i.imgur.com/nz5dF5Z.png LOG: - ADDITIONAL INFORMATION: The following, additional call is required to initiate the remote connection with TLS using the WebClient: Quote ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; Link to comment Share on other sites More sharing options...
Aviat0r Posted February 6, 2021 Share Posted February 6, 2021 Thanks @cry for pointing that out. I am currently working on a new Updater which will for sure use TLS for its actions. The current version was actually a pre release to have a nice looking launcher, a tool to keep the client updated and of course ... to start the game. There's nothing more than downloading files in it. As you can see, the file download itself is done via http and not https, hence there's no call to set the SecurityProtocol explicitly. It would actually only add overhead to the calls. The future version should have a login functionality, besides the file download and some other features, which will definitely only be accessible via https and TLS1.2 or even TLS1.3. For using TLS1.3 I'd need to drop older .NET Framework support since it is only available form .NET 4.8 and onwards. The community however still uses .NET 4.7.2 sometimes since there're still a lot of Windows 7 users out there. And afaik you need to manually download .NET 4.8 for Windows 7. It doesn't get installed automatically. PS: I think I need to add a license that you're not allowed to decompile our applications. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now