crossdomain.xml not working with ssl and facebook canvas

My app has a facebook canvas version at apps.facebook.com/fizzpoints.

The unity3d file is hosted at www.fizzpoints.com.

The app makes API calls to development.fizzpoints.com.

My app and API calls work fine on my tests with Android. They also work in the editor when the build settings are set to webplayer, which I understand to be emulating the same security policy as the actual webplayer.

However, in the facebook canvas, they don't work. I get the following error (I have some of this information because I installed the logviewer http://www.dreammakersgroup.com/products-2/unity3d-in-game-logs/).

NotSupportedException: https://development.fizzpoints.com/api/users/adminmessage //same for my other endpoints as well System.Net.WebRequest.GetCreator(System.String prefix) System.Net.WebRequest.Create(System.Uri requestUri) System.Net.WebRequest.Create(System.String requestUriString)

That is one of my endpoints, but it works fine in the editor with webplayer selected, as do all my other endpoints.

I followed the directions in the debugging section of this resource (http://docs.unity3d.com/Manual/SecuritySandbox.html) to see my logs. In the editor, even though the API calls work, I do get an error.

CheckingSecurityForUrl: https://development.fizzpoints.com/api/users/fblogin CheckingSecurityForUrl: https://development.fizzpoints.com/crossdomain.xml ERROR building certificate chain: System.ArgumentException: certificate ---> System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1.2.840.113549.1.1.12 at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.RSA rsa) [0x00000] in :0
at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.AsymmetricAlgorithm aa) [0x00000] in :0 at System.Security.Cryptography.X509Certificates.X509Chain.IsSignedWith (System.Security.Cryptography.X509Certificates.X509Certificate2 signed, System.Security.Cryptography.AsymmetricAlgorithm pubkey) [0x00000] in unknown>:0 at System.Security.Cryptography.X509Certificates.X509Chain.Process (Int32 n) [0x00000] in unknown>:0 at System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain (X509ChainStatusFlags flag) [0x00000] in :0 at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in unknown>:0 --- End of inner exception stack trace --- at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in unknown>:0 at System.Net.ServicePointManager+ChainValidationHelper.ValidateChain (Mono.Security.X509.X509CertificateCollection certs) [0x00000] in unknown>:0 Please, report this problem to the Mono team

According to this resource (http://msdn.microsoft.com/en-us/library/ff635603.aspx), algorithm 1.2.840.113549.1.1.12 is sha384RSA, but my certificate issuer (Comodo) assures me that the only possible algorithm used was SHA256 (presumably algorithm 1.2.840.113549.1.1.11).

Subsequent calls to the same and other endpoints do not result in an error, just the single line:

CheckingSecurityForUrl: https://development.fizzpoints.com/api/users/adminmessage

Additional Info As you may have noticed, I'm making my calls with the HTTPWebRequest class. I'm not using unity's WWW class because I need to be able to change request headers, which, if it is possible, eluded me when I experimented with the class.

My SSL configuration file on my server contains the following 2 lines:

SSLProtocol all -SSLv2

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

Are any of those directives causing trouble for Unity?