# javax.net.ssl.SSLException：没有可用的算法

- **ID:** `java/ssl-exception-no-algorithms`
- **领域:** java
- **类别:** protocol_error
- **验证级别:** ai_generated
- **修复率:** 82%

## 根因

SSL/TLS 握手失败，因为客户端和服务器没有共享任何共同的密码套件或协议版本，通常是由于安全策略限制或配置过时。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| Java 8 | active | — | — |
| Java 11 | active | — | — |
| Java 17 | active | — | — |
| Java 21 | active | — | — |

## 解决方案

1. ```
   Enable specific cipher suites on the client: `System.setProperty("https.cipherSuites", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");` or use a custom SSLContext with `SSLContext.getInstance("TLSv1.2")`.
   ```
2. ```
   Update the server to support modern cipher suites (e.g., TLS 1.2 or 1.3 with AES-GCM). On the JVM side, remove the `jdk.tls.disabledAlgorithms` restriction in `java.security` if appropriate.
   ```
3. ```
   Use a more permissive SSLContext: `SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(null, new TrustManager[]{new X509TrustManager() { public void checkClientTrusted(X509Certificate[] c, String a) {} public void checkServerTrusted(X509Certificate[] c, String a) {} public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } }}, null);` (for testing only).
   ```

## 无效尝试

- **** — This completely disables certificate validation, creating a severe security vulnerability, and may not resolve algorithm mismatch. (90% 失败率)
- **** — Newer Java versions may remove weak cipher suites, so the mismatch persists if the server only offers deprecated algorithms. (70% 失败率)
- **** — If the server does not support TLSv1.2, the handshake still fails with a different error. (60% 失败率)