{
  "id": "java/ssl-exception-no-algorithms",
  "signature": "javax.net.ssl.SSLException: No available algorithms",
  "signature_zh": "javax.net.ssl.SSLException：没有可用的算法",
  "regex": "javax\\.net\\.ssl\\.SSLException: No available algorithms",
  "domain": "java",
  "category": "protocol_error",
  "subcategory": null,
  "root_cause": "The SSL/TLS handshake fails because the client and server do not share any common cipher suites or protocol versions, often due to restrictive security policies or outdated configurations.",
  "root_cause_type": "generic",
  "root_cause_zh": "SSL/TLS 握手失败，因为客户端和服务器没有共享任何共同的密码套件或协议版本，通常是由于安全策略限制或配置过时。",
  "versions": [
    {
      "version": "Java 8",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Java 11",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Java 17",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Java 21",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "This completely disables certificate validation, creating a severe security vulnerability, and may not resolve algorithm mismatch.",
      "fail_rate": 0.9,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "Newer Java versions may remove weak cipher suites, so the mismatch persists if the server only offers deprecated algorithms.",
      "fail_rate": 0.7,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "If the server does not support TLSv1.2, the handshake still fails with a different error.",
      "fail_rate": 0.6,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Enable specific cipher suites on the client: `System.setProperty(\"https.cipherSuites\", \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\");` or use a custom SSLContext with `SSLContext.getInstance(\"TLSv1.2\")`.",
      "success_rate": 0.85,
      "how": "Enable specific cipher suites on the client: `System.setProperty(\"https.cipherSuites\", \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\");` or use a custom SSLContext with `SSLContext.getInstance(\"TLSv1.2\")`.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Update the server to support modern cipher suites (e.g., TLS 1.2 or 1.3 with AES-GCM). On the JVM side, remove the `jdk.tls.disabledAlgorithms` restriction in `java.security` if appropriate.",
      "success_rate": 0.8,
      "how": "Update the server to support modern cipher suites (e.g., TLS 1.2 or 1.3 with AES-GCM). On the JVM side, remove the `jdk.tls.disabledAlgorithms` restriction in `java.security` if appropriate.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Use a more permissive SSLContext: `SSLContext ctx = SSLContext.getInstance(\"TLS\"); ctx.init(null, new TrustManager[]{new X509TrustManager() { public void checkClientTrusted(X509Certificate[] c, String a) {} public void checkServerTrusted(X509Certificate[] c, String a) {} public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } }}, null);` (for testing only).",
      "success_rate": 0.7,
      "how": "Use a more permissive SSLContext: `SSLContext ctx = SSLContext.getInstance(\"TLS\"); ctx.init(null, new TrustManager[]{new X509TrustManager() { public void checkClientTrusted(X509Certificate[] c, String a) {} public void checkServerTrusted(X509Certificate[] c, String a) {} public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } }}, null);` (for testing only).",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Enable specific cipher suites on the client: `System.setProperty(\"https.cipherSuites\", \"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\");` or use a custom SSLContext with `SSLContext.getInstance(\"TLSv1.2\")`.",
    "Update the server to support modern cipher suites (e.g., TLS 1.2 or 1.3 with AES-GCM). On the JVM side, remove the `jdk.tls.disabledAlgorithms` restriction in `java.security` if appropriate.",
    "Use a more permissive SSLContext: `SSLContext ctx = SSLContext.getInstance(\"TLS\"); ctx.init(null, new TrustManager[]{new X509TrustManager() { public void checkClientTrusted(X509Certificate[] c, String a) {} public void checkServerTrusted(X509Certificate[] c, String a) {} public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } }}, null);` (for testing only)."
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html",
  "official_doc_section": null,
  "error_code": null,
  "verification_tier": "ai_generated",
  "confidence": 0.8,
  "fix_success_rate": 0.82,
  "resolvable": "partial",
  "first_seen": "2024-09-01",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}