SSLHandShakeException No Appropriate Protocol

Question

I recently added SSL to my website and it can be accessed over https. Now when my java application tries to make requests to my website and read from it with a buffered read

Answer 1

Apparently, if you have TLS 1.0 disabled the emails won't be sent out. TLS Versions 1.1 and 1.2 do not work. Peter's suggestion did the trick for me.

Answer 2

protocol is disabled or cipher suites are inappropriate

The key to the problem lies in that statement. What it basically means is either:

1. The TLS implementation used by the client does not support the cipher suites used by the server's certificate.
2. The TLS configuration on the server has disabled cipher suites supported by the client.
3. The TLS configurations on the client disable cipher suites offered by the server.
4. TLS version incompatibility between the client and server.

This leads to handshake failure in TLS, and the connection fails. Check one or all of the three scenarios above.

Answer 3

In $JRE/lib/security/java.security:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL

This line is enabled, after I commented out this line, everything is working fine. Apparently after/in jre1.8.0_181 this line is enabled.

My Java version is "1.8.0_201.

Answer 4

In my case I am runnig Centos 8 and had the same issue with Imap/Java. Had to update the system-wide cryptographic policy level.

1. update-crypto-policies --set LEGACY
2. reboot machine.

Thats it.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/security_considerations-in-adopting-rhel-8#tls-v10-v11_security