A TLS client may offer ciphersuites that it does not support to a TLS server. This happens when the SunJCE security provider is disabled. One possible reason for disabling SunJCE is enabling FIPS mode.
There is an explicit assumption that SunJCE will always be available, when deciding if a ciphersuite is enabled: http://hg.openjdk.java.net/jdk/jdk/file/4f2fd02922b1/src/java.base/share/classes/sun/security/ssl/SSLCipher.java#l492
In the context of fixing this bug, we should review that assumption and check at run time whether or not the ciphersuite should be offered.
To reproduce this bug, we can apply the attached patch to the FipsModeTLS12 test. The TLS client will offer the TLS_RSA_WITH_AES_128_GCM_SHA256 ciphersuite while the AES/GCM/NoPadding transformation is not available in the SunPKCS11 provider. Verified in JDK revision df2b3565f343.
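A diagnostic for the mismatch described above, as an added example that is not part of the original report or of the JDK sources: it lists the ciphersuites the default SSLContext would offer and flags those whose bulk-cipher transformation no installed provider implements. The class name OfferedSuiteCheck and the suite-name-to-transformation mapping are assumptions made for illustration and cover only the AES GCM and CBC cases.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.SSLContext;

public class OfferedSuiteCheck {

    // Assumed, simplified mapping from a suite name to the JCE transformation
    // its bulk cipher needs. Returns null for suites this example does not cover.
    static String transformationFor(String suite) {
        if (!suite.contains("_AES_")) return null;
        if (suite.contains("_GCM_")) return "AES/GCM/NoPadding";
        if (suite.contains("_CBC_")) return "AES/CBC/NoPadding";
        return null;
    }

    // True if any currently installed provider implements the transformation.
    static boolean available(String transformation) {
        try {
            Cipher.getInstance(transformation);
            return true;
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            return false;
        }
    }

    // Suites from the given list whose transformation cannot be instantiated.
    static List<String> unsupportedOffered(String[] suites) {
        List<String> bad = new ArrayList<>();
        for (String suite : suites) {
            String t = transformationFor(suite);
            if (t != null && !available(t)) bad.add(suite + " (needs " + t + ")");
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        for (Provider p : Security.getProviders()) System.out.println("provider: " + p.getName());
        // Suites a client socket from the default context would put in its ClientHello.
        String[] offered = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        for (String s : unsupportedOffered(offered)) System.out.println("offered but unsupported: " + s);
    }
}
```

Run it with the same java.security configuration as the affected client; with SunJCE present it prints only the provider list.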