search

ikvmnet / ikvm

A Java Virtual Machine and Bytecode-to-IL Converter for .NET
Other
1.28k stars 121 forks source link

Received fatal alert: protocol_version - Client Hello sending the Tls version as 1.0 #439

Open amjathrahman opened 1 year ago

amjathrahman commented 1 year ago

Hi Team,

We are using IKVM to convert the JT400 (JTOpen) jar to connect AS400 using our C# application to connect securely using the secureAS400 class. from our application, if we capture the packet we come to know that client hello was sending the TLS version as 1.0 and the server is rejecting that connection after that with the following error message Received fatal alert: protocol_version.

image

please let me know if I need to set any environment variable or any registry entries to make it work ?

With Thanks Amjath

wasabii commented 1 year ago

Well, I know IKVM as of yet does not support TLS v1.3. It is possible the server only allows TLS v1.3.

amjathrahman commented 1 year ago

Hi @wasabii ,

Is it possible to set the TLS version as 1.2 instead of 1.0? I have read a few blogs and tried the following in my .net application, but nothing is working out for me, please let me know if any work around available to set the TLS version as 1.2.

I tried the following options:

  1. System.setProperty("https.protocols", "TLSv1.2");
  2. Setting Environment variables for "https.protocols" as "TLSv1.2"
  3. Added the below config in exe configuration 
    <appSettings>
    <add key="ikvm:https.protocols" value="TLSv1.2" />
</appSettings>

can you please help me on this TLS version issue ?

With Thanks Amjath

wasabii commented 1 year ago

TLS 1.2 is available by default.

amjathrahman commented 1 year ago

Hi @wasabii ,

Thanks for the update, then which configuration made the client hello to send the TLS version as 1.0? Can you please help me to identify this? As I mentioned I have tried setting the system property, environment variable & exe config. When I built a sample application in Java everything worked fine in the secure layer and the client hello is sending the TLS version as 1.2.

same environment .net application sending client hello tls version 1.0 image

Java application sending client hello tls version 1.2 image

please suggest me

With Thanks Amjath

wasabii commented 1 year ago

https://my.f5.com/manage/s/article/K90932505

I'm really not going to be able to help you much here. What are the details of the exception? Anything?

amjathrahman commented 1 year ago

Hi @wasabii,

From the application, we are getting this error alone "Received fatal alert: protocol_version", from the packet only we come to know that the client hello is sending the wrong TLS version.

is while using ikvmc do we need to set any environment variable to make sure it's using tls version as 1.2

With Thanks Amjath

wasabii commented 1 year ago

I think you need to understand what that packet trace represents. It already supports 1.2.