java
protocol_error
ai_generated
partial
javax.net.ssl.SSLException: No available algorithms
ID: java/ssl-exception-no-algorithms
Fix Rate: 82%
Confidence: 80%
Evidence: 1
First Seen: 2024-09-01
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Java 8 | active | — | — | — |
| Java 11 | active | — | — | — |
| Java 17 | active | — | — | — |
| Java 21 | active | — | — | — |
Root Cause
The SSL/TLS handshake fails because the client and server do not share any common cipher suites or protocol versions, often due to restrictive security policies or outdated configurations.
Official Documentation
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html
Workarounds
- 85% success: Enable specific cipher suites on the client: `System.setProperty("https.cipherSuites", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");` or use a custom SSLContext with `SSLContext.getInstance("TLSv1.2")`.
- 80% success: Update the server to support modern cipher suites (e.g., TLS 1.2 or 1.3 with AES-GCM). On the JVM side, remove the `jdk.tls.disabledAlgorithms` restriction in `java.security` if appropriate.
- 70% success: Use a more permissive SSLContext: `SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(null, new TrustManager[]{new X509TrustManager() { public void checkClientTrusted(X509Certificate[] c, String a) {} public void checkServerTrusted(X509Certificate[] c, String a) {} public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } }}, null);` (for testing only). The trust manager in this snippet accepts every certificate, so the connection is no longer authenticated, and it has no effect on which protocols or cipher suites are offered.
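A diagnostic to run before applying the first two workarounds, added here as an example and not part of the original entry: it reports what this JVM will offer in a handshake and whether a given cipher suite is enabled, supported but not enabled, or absent. The class name `TlsOfferReport` and the default suite argument are assumptions.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example (not from the original entry). The class name is hypothetical.
public class TlsOfferReport {

    // Classify a cipher suite against what the default SSLContext exposes.
    static String classify(String suite, List<String> enabled, List<String> supported) {
        if (enabled.contains(suite)) return "ENABLED (will be offered)";
        if (supported.contains(suite)) return "SUPPORTED but not enabled by default";
        return "ABSENT (not in the supported list of this JVM's default SSLContext)";
    }

    public static void main(String[] args) throws Exception {
        // Suite to check; defaults to the one named in the first workaround.
        String suite = args.length > 0 ? args[0] : "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";

        // Settings that shape the client's offer.
        System.out.println("java.version               = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
        System.out.println("https.cipherSuites         = " + System.getProperty("https.cipherSuites"));

        SSLContext ctx = SSLContext.getDefault();
        SSLParameters on = ctx.getDefaultSSLParameters();     // what is offered by default
        SSLParameters all = ctx.getSupportedSSLParameters();  // what could be enabled

        System.out.println("Enabled protocols: " + Arrays.toString(on.getProtocols()));
        System.out.println("Enabled suites: " + on.getCipherSuites().length
                + " of " + all.getCipherSuites().length + " supported");
        for (String s : on.getCipherSuites()) {
            System.out.println("  " + s);
        }

        System.out.println(suite + " -> " + classify(suite,
                Arrays.asList(on.getCipherSuites()), Arrays.asList(all.getCipherSuites())));
    }
}
```

Run it with the same JVM and `java.security` file as the failing application, since the output differs between Java versions.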
Dead Ends
Common approaches that don't work:
- 90% fail: This completely disables certificate validation, creating a severe security vulnerability, and may not resolve the algorithm mismatch.
- 70% fail: Newer Java versions may remove weak cipher suites, so the mismatch persists if the server only offers deprecated algorithms.
- 60% fail: If the server does not support TLSv1.2, the handshake still fails with a different error.