This seems like a protocol version mismatch, this exception normally happens when there is a mismatch between SSL protocol version used by the client and the server. your clients should use a proctocol version supported by the server.

这似乎是协议版本不匹配，当客户端和服务器使用的 SSL 协议版本不匹配时，通常会发生此异常。您的客户端应该使用服务器支持的协议版本。

This is due to the fact that you send a TLSv1 handshake, but then you send a message using SSLv2 protocol;

这是因为您发送了 TLSv1 握手，但随后您使用 SSLv2 协议发送了一条消息；

xxx, WRITE: TLSv1 Handshake, length = 75
xxx, WRITE: SSLv2 client hello message, length = 101

This means that the server expects the TLSv1 protocol to be used and will not accept the connection. Try specifying which protocol to use, or post some relevant code so we can have a look

这意味着服务器期望使用 TLSv1 协议并且不会接受连接。尝试指定要使用的协议，或发布一些相关代码以便我们查看

On Java 1.8 default TLS protocol is v1.2. On Java 1.6 and 1.7 default is obsoleted TLS1.0. I get this error on Java 1.8, because url use old TLS1.0 (like Your - You see ClientHello, TLSv1). To resolve this error You need to use override defaults for Java 1.8.

在 Java 1.8 上，默认 TLS 协议是 v1.2。在 Java 1.6 和 1.7 上，默认的 TLS1.0 已过时。我在 Java 1.8 上收到此错误，因为 url 使用旧的 TLS1.0（例如 Your - You see ClientHello, TLSv1）。要解决此错误，您需要使用 Java 1.8 的覆盖默认值。

System.setProperty("https.protocols", "TLSv1");

More info on the Oracle blog.

有关Oracle 博客的更多信息。

marioosh's answer seems to on the right track. It didn't work for me. So I found:

marioosh 的答案似乎在正确的轨道上。它对我不起作用。所以我发现：

Problems connecting via HTTPS/SSL through own Java client

通过自己的 Java 客户端通过 HTTPS/SSL 连接的问题

which uses:

它使用：

java.lang.System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");

Which seems to be necessary with Java 7 and a TLSv1.2 site.

这对于 Java 7 和 TLSv1.2 站点似乎是必要的。

I checked the site with:

我检查了该网站：

openssl s_client -connect www.st.nmfs.noaa.gov:443

using

使用

openssl version
OpenSSL 1.0.2l  25 May 2017

and got the result:

并得到了结果：

...
SSL-Session:
   Protocol  : TLSv1.2
   Cipher    : ECDHE-RSA-AES256-GCM-SHA384
...

Please note that and older openssl version on my mac did not work and I had to use the macports one.

请注意，我的 mac 上较旧的 openssl 版本不起作用，我不得不使用 macports 一个。

@marioosh added some extra information regarding cipher suite encryption .

@marioosh 添加了一些关于密码套件加密的额外信息。

A cipher suiteis a collection of symmetric and asymmetric encryption algorithms used by hosts to establish a secure communication in Transport Layer Security (TLS) / Secure Sockets Layer (SSL) network protocol.
Ciphers are algorithms, more specifically they're a set of steps for both performing encryption as well as the corresponding decryption.

甲密码套件是由主机使用来建立传输层安全（TLS）的安全通信的对称和非对称加密算法/安全套接字层（SSL）网络协议的集合。
密码是算法，更具体地说，它们是执行加密和相应解密的一组步骤。

A cipher suite specifies one algorithm for each of the following tasks:

密码套件为以下每个任务指定一种算法：

• Key exchange
• Bulk encryption
• Message authentication

• 密钥交换
• 批量加密
• 消息认证

SocketFactory? Default handshaking protocols? To avoid SSLException use https.protocolssystem property.
This contains a comma-separated list of protocol suite names specifying which protocol suites to enable on this HttpsURLConnection. See the SSLSocket.setEnabledProtocols(String[]) method.

套接字工厂？默认握手协议？为了避免 SSLException 使用https.protocols系统属性。
这包含一个以逗号分隔的协议套件名称列表，指定要在此 HttpsURLConnection 上启用哪些协议套件。请参阅SSLSocket.setEnabledProtocols(String[]) 方法。

System.setProperty("https.protocols", "SSLv3");
// (OR)
System.setProperty("https.protocols", "TLSv1");

JAVA8 ? TLS 1.1 and TLS 1.2 Enabled by Default: The SunJSSE provider enables the protocols TLS 1.1 and TLS 1.2 on the client by default.

JAVA8 ? 默认情况下启用 TLS 1.1 和 TLS 1.2：默认情况下，SunJSSE 提供程序在客户端上启用协议 TLS 1.1 和 TLS 1.2。

System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");

Example for Java8 Network File:

Java8 网络文件示例：

public class SecureSocket {
    static {
        // System.setProperty("javax.net.debug", "all");
        System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");
    }
    public static void main(String[] args) {
        String GhitHubSSLFile = "https://raw.githubusercontent.com/Yash-777/SeleniumWebDrivers/master/pom.xml";
        try {
            String str = readCloudFileAsString(GhitHubSSLFile);
                    // new String(Files.readAllBytes(Paths.get( "D:/Sample.file" )));

            System.out.println("Cloud File Data : "+ str);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
    public static String readCloudFileAsString( String urlStr ) throws java.io.IOException {
        if( urlStr != null && urlStr != "" ) {
            java.io.InputStream s = null;
            String content = null;
            try {
                URL url = new URL( urlStr );
                s = (java.io.InputStream) url.getContent();
                content = IOUtils.toString(s, "UTF-8");
            } finally {
                if (s != null) s.close(); 
            }
            return content.toString();
        }
        return null;
    }
}

System.setProperty("javax.net.debug", "all");

Exception

例外

javax.net.ssl.SSLException: Received fatal alert: protocol_version

If handshaking fails for any reason, the SSLSocket is closed, and no further communications can be done.

如果握手由于任何原因失败，SSLSocket 将关闭，并且无法进行进一步的通信。

Observer LOG Sample for the above example:

上面例子的观察者日志示例：

*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1505482843 bytes = { 12, 11, 111, 99, 8, 177, 101, 27, 84, 176, 147, 215, 116, 208, 31, 178, 141, 170, 29, 118, 29, 192, 61, 191, 53, 201, 127, 100 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [host_name: raw.githubusercontent.com]
***
[write] MD5 and SHA1 hashes:  len = 213
0000: 01 00 00 D1 03 03 5A BC   D8 5B 0C 0B 6F 63 08 B1  ......Z..[..oc..
0010: 65 1B 54 B0 93 D7 74 D0   1F B2 8D AA 1D 76 1D C0  e.T...t......v..
0020: 3D BF 35 C9 7F 64 00 00   2A C0 09 C0 13 00 2F C0  =.5..d..*...../.
0030: 04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0  ....3.2.........
0040: 0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00  ................
0050: 04 00 FF 01 00 00 7E 00   0A 00 34 00 32 00 17 00  ..........4.2...
0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00  ................
0070: 18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00  ................
0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................
0090: 0B 00 02 01 00 00 0D 00   1A 00 18 06 03 06 01 05  ................
00A0: 03 05 01 04 03 04 01 03   03 03 01 02 03 02 01 02  ................
00B0: 02 01 01 00 00 00 1E 00   1C 00 00 19 72 61 77 2E  ............raw.
00C0: 67 69 74 68 75 62 75 73   65 72 63 6F 6E 74 65 6E  githubuserconten
00D0: 74 2E 63 6F 6D                                     t.com
main, WRITE: TLSv1.2 Handshake, length = 213
[Raw write]: length = 218
0000: 16 03 03 00 D5 01 00 00   D1 03 03 5A BC D8 5B 0C  ...........Z..[.
0010: 0B 6F 63 08 B1 65 1B 54   B0 93 D7 74 D0 1F B2 8D  .oc..e.T...t....
0020: AA 1D 76 1D C0 3D BF 35   C9 7F 64 00 00 2A C0 09  ..v..=.5..d..*..
0030: C0 13 00 2F C0 04 C0 0E   00 33 00 32 C0 08 C0 12  .../.....3.2....
0040: 00 0A C0 03 C0 0D 00 16   00 13 C0 07 C0 11 00 05  ................
0050: C0 02 C0 0C 00 04 00 FF   01 00 00 7E 00 0A 00 34  ...............4
0060: 00 32 00 17 00 01 00 03   00 13 00 15 00 06 00 07  .2..............
0070: 00 09 00 0A 00 18 00 0B   00 0C 00 19 00 0D 00 0E  ................
0080: 00 0F 00 10 00 11 00 02   00 12 00 04 00 05 00 14  ................
0090: 00 08 00 16 00 0B 00 02   01 00 00 0D 00 1A 00 18  ................
00A0: 06 03 06 01 05 03 05 01   04 03 04 01 03 03 03 01  ................
00B0: 02 03 02 01 02 02 01 01   00 00 00 1E 00 1C 00 00  ................
00C0: 19 72 61 77 2E 67 69 74   68 75 62 75 73 65 72 63  .raw.githubuserc
00D0: 6F 6E 74 65 6E 74 2E 63   6F 6D                    ontent.com
[Raw read]: length = 5
0000: 16 03 03 00 5D                                     ....]

Cryptography and Secure Communication with whatsapp

使用 whatsapp 进行密码学和安全通信

@See

@看

• AZURE TLS/SSL cipher suites
• javax.net.ssl.SSLHandshakeException: No appropriate protocol
• Whatsapp End To End Encryption

• AZURE TLS/SSL 密码套件
• javax.net.ssl.SSLHandshakeException：没有合适的协议
• Whatsapp端到端加密

I was getting the same error. For Java version 7, following is working for me.

我遇到了同样的错误。对于 Java 版本 7，以下对我有用。

java.lang.System.setProperty("https.protocols", "TLSv1.2");

java.lang.System.setProperty("https.protocols", "TLSv1.2");

I ran into this issue while trying to install a PySpark package. I got around the issue by changing the TLS version with an environment variable:

我在尝试安装 PySpark 包时遇到了这个问题。我通过使用环境变量更改 TLS 版本解决了这个问题：

echo 'export JAVA_TOOL_OPTIONS="-Dhttps.protocols=TLSv1.2"' >> ~/.bashrc
source ~/.bashrc

You can try by adding following line to catalina.bat after last entry of JAVA_OPTS

您可以尝试在最后一次输入 JAVA_OPTS 后将以下行添加到 catalina.bat

set JAVA_OPTS=%JAVA_OPTS% -Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2

放 JAVA_OPTS=%JAVA_OPTS% -Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2

Not sure if you found an answer but I had this problem and needed to upgrade TLS version to 1.2

不确定您是否找到了答案，但我遇到了这个问题，需要将 TLS 版本升级到 1.2

private HttpsURLConnection getSSlConnection(String url, String username, String password){
    SSLContext sc = SSLContext.getInstance("TLSv1.2")
    // Create a trust manager that accepts all SSL sites
    TrustManager[] trustAllCerts = new TrustManager[1]
    def tm = new X509TrustManager(){
        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        }

        @Override
        X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0]
        }
    }
    trustAllCerts[0] = tm

    sc.init(null, trustAllCerts, new SecureRandom())
    HttpsURLConnection connection = (HttpsURLConnection) getConnection(url, username, password)
    connection.setSSLSocketFactory(sc.getSocketFactory())
    return connection
}

I have got that error after update to JDK 1.8. But the JAVA_HOMEvariable was hard coded furthermore to JDK 1.7. Thew modification solved the problem:

更新到 JDK 1.8 后出现该错误。但是该JAVA_HOME变量被硬编码到 JDK 1.7。修改后解决了问题：

set JAVA_HOME=C:\Program Files\Java\jdk1.8.0_241