Re: [Ikvm-developers] Need help for enabling TLS2 using IKVM

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

Below are the approaches we tried but at the end we could not able to send the transaction using TLS2.

Approach1:
              1. Upgraded .net framework from 4.0 to 4.5 and directly called the exposed java web services using .Net client without using IKVM. This resulted in sending the transaction using TSL2.0 and we could able to confirm this by checking the server log for the transaction details.

Note: JDK used here for creating the jar file is 1.7

Approach3:
              1. Upgraded  JDK 1.7 to 1.8 , created  separate webservice client using eclipse and here also we were able to consume the webservices which is exposed directly without using IKVM ( similar to #1) .

Approach3:
              1 . We tried to consume the exposed java web services using java client ( jar files created using JDK 1.7 or 1.8) and then covert this java client to dll using IKVM. Once the IKVM produced the dll , we consumed this dll in .net client and when the transaction was initiated then we got below error.

Note: JDK used here for creating the jar file is 1.7 or 1.8

Error log snippet:
                    lKMCBndFLGCommsConvertorUtil                          logMsg Ikke forventet exception oppstÃ¥tt i metode executeLogon and cause is due to com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
              at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:117)
              at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:208)
              at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:130)
              at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:124)
              at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:1121)
              at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:1035)
              at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:1004)
              at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:863)
              at com.sun.xml.internal.ws.client.Stub.process(Stub.java:448)
              at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:178)
              at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:93)
              at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:77)
              at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:147)
              at com.sun.proxy.$Proxy34.genericWS(Unknown Source)
              at com.edb.fs.enterprise.kmc.srv.service.kmsportclient.KMCBndInitiateBeanServiceImpl.executeLogon(KMCBndInitiateBeanServiceImpl.java:40)
              at no.fellesdata.fdfront.fdcash.session.initiate.client.BndInitiate.executeLogon(BndInitiate.java:232)
              at cli.vfs.KasseMemorialLogon.Start(KasseMemorilalLogon.vb:42)
              at cli.vfs.ClsTellerAdm.StartLogOn(vfsTellerAdm_cls.vb:88)
              at cli.vtd.vtdMain.Main(vtdmain_bas.vb:115)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
              at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
              at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
              at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2011)
              at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1114)
              at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1364)
              at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
              at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1376)
              at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:564)
              at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:186)
              at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1284)
              at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1257)
              at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
              at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:104)

Conclusion based on our approaches:
When we convert the java client ( jar files ) using IKVM to dll and consume this either in .net 4.0 or 4.5 we are getting "Received fatal alert: handshake_failure" .

Can some one suggest me what is the best way to go forward on this issue. We are struck on this for past 2 weeks . Any suggestion is welcomed for us.

Regards
Pradeep R

From: David Thielen <da...@wi...>
Sent: Thursday, September 20, 2018 6:33 PM
To: Pradeep Ramaswamy <Pra...@ev...>; ikv...@li...
Subject: RE: Need help for enabling TLS2 using IKVM

I'm not sure but I think TLS2 is the default for .NET 4.5.2 and later. So you may just need to get on the latest .NET.

From: Pradeep Ramaswamy <Pra...@ev...<mailto:Pra...@ev...>>
Sent: Thursday, September 20, 2018 4:02 AM
To: ikv...@li...<mailto:ikv...@li...>
Subject: [Ikvm-developers] Need help for enabling TLS2 using IKVM

Hi,

We are using IKVM for communicating .net to java and from Java we call SOAP webservices calls.

IKVM Current version: ikvm-7.2.4630.5

Current problem:
As IBM has stop the support for TLS1, we need to configure TLS2 going forward. Can you please let me know how to enable TLS2 in IKVM.

Thanks
Pradeep R