| License Type | SaaS & On-Premise |
| Agent Mode | Assess & Protect |
| Main Product Category | Java Agent |
| Sub Category | Connectivity |
Issue
The following error is seen when the Java agent is attempting to make a secure connection to the Contrast UI.
Problem resolving features with com.contrastsecurity.agent.features.%
javax.net.ssl.SSLException: Received fatal alert: protocol_version
Cause
The most likely circumstance under which this error will be observed is when using an IBM JRE (for example in WebSphere), the root cause being a difference in the TLS implementation between the IBM and Oracle JREs as detailed in this article. By default, in the IBM implementation, only (the deprecated) TLS1 will be enabled.
Resolution
Adding the following to the JVM options:
-Dcom.ibm.jsse2.overrideDefaultTLS=true
will allow the IBM JRE to enable TLSv1.1 and TLSv1.2 which should resolve the issue.