JDK-11 SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

Question

Getting this error on using jdk-11 (Oracle 11.0.10) to make a HTTPS connection

javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
        at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:170) ~[na:na]
        at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:98) ~[na:na]
        at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:221) ~[na:na]
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:394) ~[na:na]
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:373) ~[na:na]
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436) ~[httpclient-4.5.13.jar:4.5.13]
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) ~[httpclient-4.5.13.jar:4.5.13]
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.13.jar:4.5.13]
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) ~[httpclient-4.5.13.jar:4.5.13]

I have tried to disable or edit jdk.tls.disabledAlgorithms but still the same issue.
The java.security I edited is under - C:\Program Files\Java\jdk-11.0.10\conf\security

Answer 1

This exception is due to TLSv1 and TLSv1.1 deprecation.

As of OpenJDK 8u292 onward, 11.0.11 onward and all versions of OpenJDK 16 read here, all TLS connections require version TLSv1.2 or TLSv1.3 to be used. You can set the TLS version to be used just by setting a Java System property.

For HTTPS connections that use HttpsURLConnection: System.setProperty("https.protocols", "TLSv1.2");

Fot SMTPS connections: System.setProperty("mail.smtp.ssl.protocols", "TLSv1.2");

Fot POP3S connections: System.setProperty("mail.pop3s.ssl.protocols", "TLSv1.2");

Use the aforementioned commands just before the source of your client.

Answer 2

I had the same issue with java 11.0.11. Update your java or use previous versions. It works for me with openjdk version "11.0.8" OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.8+10).