Java Agent Fails to Connect to Contrast UI: Received fatal alert: protocol_version

  • Updated

Issue

The following error is seen when the Java agent is attempting to make a secure connection to the Contrast UI.

Problem resolving features with com.contrastsecurity.agent.features.%
javax.net.ssl.SSLException: Received fatal alert: protocol_version

Cause

If this error is observed is when using an IBM JRE (for example in WebSphere), the root cause is likely due to a difference in the TLS implementation between the IBM and Oracle JREs as detailed in this article (currently archived). By default, in the IBM implementation, only (the deprecated) TLS1 will be enabled.

Similarly, older Oracle and OpenJDK versions of the Java JRE will default to a deprecated TLS version.

Resolution

IBM JRE

Adding the following to the JVM options:

-Dcom.ibm.jsse2.overrideDefaultTLS=true

shouldl allow the IBM JRE to enable TLSv1.2 which should resolve the issue.

Non-IBM JRE

Adding the following to the JVM options:

-Dhttps.protocols=TLSv1.2

should allow the JRE to enable TLSv1.2 which should resolve the issue.

For additional details, see this article.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request