TLS 1.2 - Alert Level - Fatal - Description Protocol Version

Question

I am trying to connect to a web service which uses 2-way authentication on TLS version 1.2. The SSL handshake fails and I get the following handshake error when I sniff the packets on wireshark. (My client terminates the handshake by sending "RST, ACK"):

Also I get the following SCHANNEL error log on the windows event viewer:

A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal alert code is 10.

Target name:

The TLS alert registry can be found at http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-6

What does it mean? and what can I do about it? Here is my c# code:

var cert = new X509Certificate2(PfxBytes);

using (var handler = new HttpClientHandler())
{
    handler.ClientCertificateOptions = ClientCertificateOption.Manual;
    handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true;
    handler.ClientCertificates.Add(cert);
    handler.SslProtocols = SslProtocols.Tls12;

    using (var client = new HttpClient(handler, false))
    {
    var postData = new StringContent("", UnicodeEncoding.UTF8, "application/json");
    var response = await client.PostAsync("<URL>", postData);

    string responseString = await response.Content.ReadAsStringAsync();
    Console.WriteLine(responseString);
    }
}

The surprising thing is this works fine on postman with the same certificate. So I am pretty sure nothing is wrong with the certificate. Unable to figure out what is going wrong with my c# code.

Please Help.

Answer 1

My understanding is that there is a TLS protocol version mismatch. The client seems to suggest an unsupported version of the TLS to the server. Ensure that the server and the client can use the same version of the TLS protocol.