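Java: accessing an ingress over HTTPS fails with javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version
I. Error and deployment environment
The Java program can access the test domain over HTTPS without problems, but accessing the production domain over HTTPS fails with the following error: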
javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version
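The test environment uses the KubeSphere ingress.
The production environment uses the ingress configuration of the Alibaba Cloud ACK service.
II. Cause
The SSL protocol versions of the client and the server do not match.
III. Solution
Configure both ends to use a supported SSL protocol version.
IV. Steps
1. Check how the ingress protocols differ between the test and production environments
Production environment (if the npm command is not available, install it directly with yum)
Test environment
You can see that what actually fails is the cipher negotiation between the two ends.
2. Modify the Alibaba Cloud ACK ingress to add the TLS protocols and the supported ciphers
kubectl edit cm -n kube-system nginx-configuration # edit the ingress configuration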
ssl-ciphers: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl-protocols: TLSv1 TLSv1.1 TLSv1.2 TLSv1.3
3. Update the ingress
kubectl scale --replicas=0 deployments.apps -n kube-system nginx-ingress-controller # use with caution, can
kubectl scale --replicas=10 deployments.apps -n kube-system nginx-ingress-controller
4. Verify
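A client-side check for this step, as an added example that is not code from the original post: it prints the TLS versions the client JVM supports and enables, and reports which of them overlap with the ssl-protocols value set in step 2. The class name TlsClientCheck is hypothetical, and the optional host and port arguments are supplied by whoever runs it.

```java
import javax.net.ssl.*;
import java.security.Security;
import java.util.*;

// Added example (not from the original post); TlsClientCheck is a hypothetical name.
public class TlsClientCheck {
    // ssl-protocols value from the ConfigMap edited in step 2 of this page.
    static final String INGRESS_PROTOCOLS = "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3";
    static final Set<String> LEGACY = new HashSet<>(Arrays.asList("SSLv3", "TLSv1", "TLSv1.1"));

    // Protocols enabled on both sides, kept in the JVM's order.
    static List<String> common(String[] clientEnabled, String serverProtocols) {
        Set<String> server = new HashSet<>(Arrays.asList(serverProtocols.trim().split("\\s+")));
        List<String> out = new ArrayList<>();
        for (String p : clientEnabled) if (server.contains(p)) out.add(p);
        return out;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String[] enabled = ctx.getDefaultSSLParameters().getProtocols();
        System.out.println("java.version             = " + System.getProperty("java.version"));
        System.out.println("supported protocols      = " + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("enabled by default       = " + Arrays.toString(enabled));
        System.out.println("https.protocols          = " + System.getProperty("https.protocols"));
        System.out.println("jdk.tls.client.protocols = " + System.getProperty("jdk.tls.client.protocols"));
        System.out.println("jdk.tls.disabledAlgorithms = " + Security.getProperty("jdk.tls.disabledAlgorithms"));

        List<String> shared = common(enabled, INGRESS_PROTOCOLS);
        System.out.println("shared with ingress      = " + shared);
        if (shared.isEmpty())
            System.out.println("RESULT: no protocol in common, the handshake cannot succeed");
        else if (LEGACY.containsAll(shared))
            System.out.println("RESULT: only legacy protocols in common; check whether TLSv1.2 is supported but not enabled");

        if (args.length == 2) { // optional live check: java TlsClientCheck <host> <port>
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], Integer.parseInt(args[1]))) {
                s.startHandshake(); // throws SSLHandshakeException on protocol_version
                System.out.println("negotiated " + s.getSession().getProtocol() + " / " + s.getSession().getCipherSuite());
            }
        }
    }
}
```

If TLSv1.2 is listed as supported but not enabled, enabling it on the client (for example with -Dhttps.protocols=TLSv1.2 for HttpsURLConnection clients) resolves the mismatch without keeping TLSv1 and TLSv1.1, which RFC 8996 deprecates, enabled on the ingress.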