Thanks for SchmitzIT! The thread is actually guide me to a workable solution which I would like to re-post here for a record!

https://aws.amazon.com/blogs/opensource/tls-1-0-1-1-changes-in-openjdk-and-amazon-corretto/

Above article have some valuable information which works for me:

• JDK8 8u292 and newer, JDK11 11.0.11 and newer, JDK16 is disabling TLS 1.0 and 1.1
• Modify (remove TLSv1 and/or TLSv1.1) jdk.tls.disabledAlgorithms in java.security configuration file located in the jre/lib/security folder for OpenJDK 8 or conf/security for OpenJDK 11 and higher will enable legacy TLS!

PS. But add a file enableLegacyTLS.security to override setting in java.security doesn't work for me (OpenJDK 11). Don't know why.

I had this issue recently, it was because I was trying to connect to an old version of Microsoft SQL Server (2012, ver. 11.00.3156) using the latest versión of the SQL Server JDBC Driver (ver. 12.2.0) with a newer versión JDK (ver. 11.0.15).

It happens because newer versión of JDK by default dissable some old security algorithms like TLSv1.0 (in favor of newer like TLSv1.2/TLSv1.3) which the old SQL Server is requiring as security algorithm.

To solve the issue I changed the JDBC driver to an older version 8.2.2 and I had to pass some java security VM options to the JDK to override some security configs and remove TLSV1.0 from the disabled algorithms

VM options to pass to JDK

-Djdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL

(note that TLSv1.0 and TLSv1.1 are removed from the original JDK list)

Doing that I managed to successfully connect to the old SQL Server 2012. Hope this help you