| License Type | SaaS & On-Premise |
| Agent Mode | Assess & Protect |
| Main Product Category | Java Agent |
| Sub Category | Connectivity |
Issue
The following error is seen when the Java agent is attempting to make a secure connection to the Contrast UI.
Problem resolving features with com.contrastsecurity.agent.features.%
javax.net.ssl.SSLException: Received fatal alert: protocol_version
Cause
If this error is observed is when using an IBM JRE (for example in WebSphere), the root cause is likely due to a difference in the TLS implementation between the IBM and Oracle JREs as detailed in this article. By default, in the IBM implementation, only (the deprecated) TLS1 will be enabled.
Similarly, older Oracle and OpenJDK versions of the Java JRE will default to a deprecated TLS version.
Resolution
IBM JRE
Adding the following to the JVM options:
-Dcom.ibm.jsse2.overrideDefaultTLS=true
shouldl allow the IBM JRE to enable TLSv1.2 which should resolve the issue.
Non-IBM JRE
Adding the following to the JVM options:
-Dhttps.protocols=TLSv1.2
should allow the JRE to enable TLSv1.2 which should resolve the issue.
For additional details, see this article.