我正在尝试缩小 Java 应用程序允许的 SSL 密码的范围。在 java.security 文件中，我使用：jdk.tls.disabledAlgorithms = SSLv2Hello，SSLv3的，使用TLSv1，TLSv1.1，3DES_EDE_CBC，TLS_DHE_RSA_WITH_AES_128_CBC_SHA，TLS_DHE_RSA_WITH_AES_128_CBC_SHA256，TLS_DHE_RSA_WITH_AES_128_GCM_SHA256，TLS_DHE_RSA_WITH_AES_256_CBC_SHA，TLS_DHE_RSA_WITH_AES_256_CBC_SHA256，TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA，TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256，TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256，TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA，TLS_RSA_WITH_AES_128_CBC_SHA256，TLS_RSA_WITH_AES_128_GCM_SHA256，TLS_RSA_WITH_AES_256_CBC_SHA，TLS_RSA_WITH_AES_256_GCM_SHA384，TLS_RSA_WITH_AES_256_CBC_SHA256它产生以下允许的密码：Will-Adams-MacBook-Air:~ Looker$ nmap -script ssl-enum-ciphers -p 9999 <AWS INSTANCE>.compute.amazonaws.comStarting Nmap 7.70 ( https://nmap.org ) at 2018-09-06 14:23 PDTNmap scan report for <AWS INSTANCE>.compute.amazonaws.comHost is up (0.079s latency).PORT     STATE SERVICE9999/tcp open  abyss| ssl-enum-ciphers:|   TLSv1.2:|     ciphers:|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A|     compressors:|       NULL|     cipher preference: client|     warnings:|       Weak certificate signature: SHA1|_  least strength: ANmap done: 1 IP address (1 host up) scanned in 3.39 seconds伟大的！我快到了。我也想禁止TLS_RSA_WITH_AES_128_CBC_SHA但将其添加到jdk.tls.disabledAlgorithms禁用所有内容：Will-Adams-MacBook-Air:~ Looker$ nmap -script ssl-enum-ciphers -p 9999 <AWS INSTANCE>.compute.amazonaws.comStarting Nmap 7.70 ( https://nmap.org ) at 2018-09-06 14:28 PDTNmap scan report for <AWS INSTANCE>.compute.amazonaws.com Host is up (0.079s latency).PORT     STATE SERVICE9999/tcp open  abyssNmap done: 1 IP address (1 host up) scanned in 0.85 seconds为什么是这样？有没有办法让我禁用TLS_RSA_WITH_AES_128_CBC_SHA而不禁用TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 和TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384？