javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure with OpenJDK Java 11

Updated: 2022-06-09 05:19:10

The client can't open a connection to the server because they likely don't support the same TLS versions or settings.

Try to start the application with:

  • -Dhttps.protocols=TLSv1.2
  • -Dhttps.protocols=TLSv1.3
  • -Dhttps.protocols=TLSv1.0

TLSv1.2 (2008) is the currently supported version of TLS that is deployed everywhere and supported everywhere. That's the safe default and what to force for things to just work.

TLSv1.3 (2018) is the upcoming version. It's being rolled out everywhere slowly (web servers, applications, load balancers, CDNs, etc.). The transition should be seamless but that's not quite the case: no software is perfect on the first try, and some bugs and incompatibilities are coming up. JDK 11 introduces TLSv1.3 and tries to use it by default, which didn't go well given the error, so the workaround is to force using TLSv1.2 instead.

There are tricky edge cases if you rely on TLS for client certificate authentication, often used in enterprise systems dealing with highly sensitive information like banking APIs. TLS 1.3 changed the way client authentication happens, so both client and server software likely need to be upgraded for it to have a chance to work at all. HTTP/2 breaks client authentication by design; an RFC is pending to agree on a solution. In the meantime, use HTTP/1.1.

TLSv1.0 (1999) is an obsolete version that is prohibited from usage and removed in the latest library versions (OpenSSL 1.1.x, JDK 11, etc.). It's still possible to encounter it as of 2020 if you work on legacy enterprise Java apps that haven't been maintained for years. These really need to be upgraded.
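Before forcing a protocol version with -Dhttps.protocols it helps to see what the JVM actually supports and enables. The diagnostic below is an added example, not code from the original answer. It prints the provider's supported and default-enabled protocol lists, shows the programmatic equivalent of restricting a socket to TLSv1.2, and prints the jdk.tls.disabledAlgorithms security property, which is why forcing TLSv1.0 on a recent JDK 11 update does not bring it back. Note that -Dhttps.protocols only affects HttpsURLConnection; the SSLContext defaults shown here respond to -Djdk.tls.client.protocols instead. The class name TlsProtocolCheck is an assumption for this example.

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added diagnostic (not part of the original answer): reports which TLS versions this JVM
// can speak, which it enables by default, and what the two relevant system properties hold.
public class TlsProtocolCheck {

    // Every protocol the default provider can negotiate at all.
    static String[] supportedProtocols() throws Exception {
        return SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
    }

    // Protocols enabled on a fresh SSLContext. -Djdk.tls.client.protocols changes this list;
    // -Dhttps.protocols does not, because it is read only by HttpsURLConnection.
    static String[] defaultEnabledProtocols() throws Exception {
        return SSLContext.getDefault().getDefaultSSLParameters().getProtocols();
    }

    // Programmatic equivalent of forcing a version for one connection. The socket is created
    // unconnected so this runs offline; real code would connect() it afterwards.
    static String[] enableOnly(String... protocols) throws Exception {
        SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket();
        socket.setEnabledProtocols(protocols);
        return socket.getEnabledProtocols();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("https.protocols          = " + System.getProperty("https.protocols"));
        System.out.println("jdk.tls.client.protocols = " + System.getProperty("jdk.tls.client.protocols"));
        System.out.println("supported                = " + Arrays.toString(supportedProtocols()));
        System.out.println("enabled by default       = " + Arrays.toString(defaultEnabledProtocols()));
        System.out.println("forced to TLSv1.2        = " + Arrays.toString(enableOnly("TLSv1.2")));
        // Anything listed here (TLSv1 and TLSv1.1 on recent JDK 11 updates) stays off regardless of
        // the system properties above; only editing java.security re-enables it, which is not advised.
        System.out.println("disabled algorithms      = " + Security.getProperty("jdk.tls.disabledAlgorithms"));
    }
}
```

Run it once plainly and once as `java -Djdk.tls.client.protocols=TLSv1.2 TlsProtocolCheck.java` (JDK 11 can launch a single source file directly) and compare the "enabled by default" line; if the handshake_failure persists with TLSv1.2 enabled on both sides, add `-Djavax.net.debug=ssl:handshake` to see which message the server rejects.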