@hxn Please locate java.security file and use "jdk.tls.disabledAlgorithms" to disable TLSv1, TLSv1.1.
If you upgrade Java, you will have to redo it.
e.g.
# find /usr/java/jdk1.8.0_232-cloudera/ -iname java.security
/usr/java/jdk1.8.0_232-cloudera/jre/lib/security/java.security
# grep -i jdk.tls.disabledAlgorithms /usr/java/jdk1.8.0_232-cloudera/jre/lib/security/java.security
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, MD5withRSA, DH keySize < 768, 3DES_EDE_CBC
# certificates such as jdk.tls.disabledAlgorithms or