我正在嘗試縮小 Java 應用程序允許的 SSL 密碼的范圍。在 java.security 文件中，我使用：jdk.tls.disabledAlgorithms = SSLv2Hello，SSLv3的，使用TLSv1，TLSv1.1，3DES_EDE_CBC，TLS_DHE_RSA_WITH_AES_128_CBC_SHA，TLS_DHE_RSA_WITH_AES_128_CBC_SHA256，TLS_DHE_RSA_WITH_AES_128_GCM_SHA256，TLS_DHE_RSA_WITH_AES_256_CBC_SHA，TLS_DHE_RSA_WITH_AES_256_CBC_SHA256，TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA，TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256，TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256，TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA，TLS_RSA_WITH_AES_128_CBC_SHA256，TLS_RSA_WITH_AES_128_GCM_SHA256，TLS_RSA_WITH_AES_256_CBC_SHA，TLS_RSA_WITH_AES_256_GCM_SHA384，TLS_RSA_WITH_AES_256_CBC_SHA256它產生以下允許的密碼：Will-Adams-MacBook-Air:~ Looker$ nmap -script ssl-enum-ciphers -p 9999 <AWS INSTANCE>.compute.amazonaws.comStarting Nmap 7.70 ( https://nmap.org ) at 2018-09-06 14:23 PDTNmap scan report for <AWS INSTANCE>.compute.amazonaws.comHost is up (0.079s latency).PORT     STATE SERVICE9999/tcp open  abyss| ssl-enum-ciphers:|   TLSv1.2:|     ciphers:|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A|     compressors:|       NULL|     cipher preference: client|     warnings:|       Weak certificate signature: SHA1|_  least strength: ANmap done: 1 IP address (1 host up) scanned in 3.39 seconds偉大的！我快到了。我也想禁止TLS_RSA_WITH_AES_128_CBC_SHA但將其添加到jdk.tls.disabledAlgorithms禁用所有內容：Will-Adams-MacBook-Air:~ Looker$ nmap -script ssl-enum-ciphers -p 9999 <AWS INSTANCE>.compute.amazonaws.comStarting Nmap 7.70 ( https://nmap.org ) at 2018-09-06 14:28 PDTNmap scan report for <AWS INSTANCE>.compute.amazonaws.com Host is up (0.079s latency).PORT     STATE SERVICE9999/tcp open  abyssNmap done: 1 IP address (1 host up) scanned in 0.85 seconds為什么是這樣？有沒有辦法讓我禁用TLS_RSA_WITH_AES_128_CBC_SHA而不禁用TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 和TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384？