# javax.net.ssl.SSLException: No available algorithms

- **ID:** `java/ssl-exception-no-algorithms`
- **Domain:** java
- **Category:** protocol_error
- **Verification:** ai_generated
- **Fix Rate:** 82%

## Root Cause

The SSL/TLS handshake fails because the client and server do not share any common cipher suites or protocol versions, often due to restrictive security policies or outdated configurations.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| Java 8 | active | — | — |
| Java 11 | active | — | — |
| Java 17 | active | — | — |
| Java 21 | active | — | — |

## Workarounds

1. **Enable specific cipher suites on the client: `System.setProperty("https.cipherSuites", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");` or use a custom SSLContext with `SSLContext.getInstance("TLSv1.2")`.** (85% success)
   ```
   Enable specific cipher suites on the client: `System.setProperty("https.cipherSuites", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");` or use a custom SSLContext with `SSLContext.getInstance("TLSv1.2")`.
   ```
2. **Update the server to support modern cipher suites (e.g., TLS 1.2 or 1.3 with AES-GCM). On the JVM side, remove the `jdk.tls.disabledAlgorithms` restriction in `java.security` if appropriate.** (80% success)
   ```
   Update the server to support modern cipher suites (e.g., TLS 1.2 or 1.3 with AES-GCM). On the JVM side, remove the `jdk.tls.disabledAlgorithms` restriction in `java.security` if appropriate.
   ```
3. **Use a more permissive SSLContext: `SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(null, new TrustManager[]{new X509TrustManager() { public void checkClientTrusted(X509Certificate[] c, String a) {} public void checkServerTrusted(X509Certificate[] c, String a) {} public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } }}, null);` (for testing only).** (70% success)
   ```
   Use a more permissive SSLContext: `SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(null, new TrustManager[]{new X509TrustManager() { public void checkClientTrusted(X509Certificate[] c, String a) {} public void checkServerTrusted(X509Certificate[] c, String a) {} public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } }}, null);` (for testing only).
   ```

## Dead Ends

- **** — This completely disables certificate validation, creating a severe security vulnerability, and may not resolve algorithm mismatch. (90% fail)
- **** — Newer Java versions may remove weak cipher suites, so the mismatch persists if the server only offers deprecated algorithms. (70% fail)
- **** — If the server does not support TLSv1.2, the handshake still fails with a different error. (60% fail)