Tags: security, wsimport, java-10, tls1.0, java-11

force wsimport (Java 10/11) to tolerate TLSv1 and weak cipher


I use wsimport to generate code from a particular WSDL. I tried Java 10 and it failed the handshake, then I tried Java 9 and it was okay.

I watched the communication using Wireshark, and the cause became clear: the server I communicated with still uses TLSv1, and I guess Java 10 wsimport no longer tolerates that (not by default at least), although 9 does.

There is nothing I can do with the server, so the question becomes: how can I run Java 10 wsimport with TLSv1 tolerance?


Solution

  • More investigation was done, and the most helpful test was done using SSL Labs. It turned out that the server supports a weak cipher suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA.

    The issue was solved by adding the following Java option:

    -Dhttps.cipherSuites=SSL_RSA_WITH_3DES_EDE_CBC_SHA
    

    The cipher suite cannot be specified as TLS_RSA_WITH_3DES_EDE_CBC_SHA. Java's naming convention requires it to be called SSL_RSA_WITH_3DES_EDE_CBC_SHA.

    Side note: the bug mentioned in @nullpointer's comment above was solved in all three versions I tried: Java 9/10/11.
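
A diagnostic for the situation in the answer above, added here as an example and not part of the original post: it reports whether the running JVM still lists the 3DES suite under either name, and prints the settings that decide whether `-Dhttps.cipherSuites` can take effect. The class name `CipherSuiteCheck` is an assumption made for this example.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example (not from the original post): shows how this JVM treats the
// 3DES suite that the answer enables through -Dhttps.cipherSuites.
public class CipherSuiteCheck {
    // Name accepted by Java (from the answer) and the name reported by SSL Labs.
    static final String JSSE_NAME = "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
    static final String IANA_NAME = "TLS_RSA_WITH_3DES_EDE_CBC_SHA";

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters enabled = ctx.getDefaultSSLParameters();

        // A suite must appear under one of these names to be usable at all.
        report("supported", supported.getCipherSuites());
        report("enabled by default", enabled.getCipherSuites());

        // Protocol versions the client offers when nothing is overridden.
        System.out.println("default protocols          = "
                + Arrays.toString(enabled.getProtocols()));

        // Overrides read by HttpsURLConnection; null means "not set".
        System.out.println("https.cipherSuites         = "
                + System.getProperty("https.cipherSuites"));
        System.out.println("https.protocols            = "
                + System.getProperty("https.protocols"));

        // Anything matched here is never negotiated, even when it is
        // requested explicitly with the system properties above.
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
    }

    // Prints whether each spelling of the suite is present in the given list.
    static void report(String label, String[] suites) {
        List<String> list = Arrays.asList(suites);
        for (String name : new String[] {JSSE_NAME, IANA_NAME}) {
            System.out.printf("%-32s %-20s %s%n",
                    name, label, list.contains(name) ? "yes" : "no");
        }
    }
}
```

Run it with the same JVM and the same `-D` options that are passed to wsimport, so the output reflects the configuration that actually performs the handshake.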