[ https://issues.apache.org/jira/browse/CAMEL-14527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17035333#comment-17035333 ]
Claus Ibsen commented on CAMEL-14527:
-------------------------------------

Can you please move this conversation to the user mailing list or chat, thanks.

> camel-jetty HTTPS consumer still fails with handshake failure
> -------------------------------------------------------------
>
>                 Key: CAMEL-14527
>                 URL: https://issues.apache.org/jira/browse/CAMEL-14527
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-jetty
>    Affects Versions: 3.0.1
>            Reporter: Gerald Kallas
>            Assignee: Jiri Ondrusek
>            Priority: Major
>
> After some research, I created the following Blueprint DSL route, which still fails with a TLS handshake failure.
> {code:java}
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
>   <sslContextParameters id="sslContextParameters" xmlns="http://camel.apache.org/schema/blueprint">
>     <secureSocketProtocolsFilter>
>       <include>TLSv1.2</include>
>       <include>TLSv1.1</include>
>     </secureSocketProtocolsFilter>
>     <cipherSuitesFilter>
>       <include>.*</include>
>       <exclude/>
>     </cipherSuitesFilter>
>     <keyManagers keyPassword="xxxxx">
>       <keyStore resource="etc/truststore.jks" password="xxxxx"/>
>     </keyManagers>
>     <trustManagers>
>       <keyStore resource="etc/keystore.p12" password="xxxxx"/>
>     </trustManagers>
>   </sslContextParameters>
>   <camelContext id="WEBISP001" xmlns="http://camel.apache.org/schema/blueprint">
>     <route id="WEBISP001">
>       <from uri="jetty:https://0.0.0.0:8444/hello?sslContextParameters=sslContextParameters" />
>       <log message="hello request body: ${in.body}" />
>     </route>
>   </camelContext>
> </blueprint>
> {code}
> This is the deployment log
> {code:java}
> 2020-02-08T20:31:49,784 | INFO | fileinstall-/opt/apache-karaf-4.2.7/deploy | BlueprintContainerImpl | 80 - org.apache.aries.blueprint.core - 1.10.2 | Blueprint bundle WEBISP001.xml/0.0.0 has been started
> 2020-02-08T20:31:49,786 | INFO | Blueprint Event Dispatcher: 1 | BlueprintCamelContext | 88 - org.apache.camel.camel-api - 3.0.1 | Attempting to start CamelContext: WEBISP001
> 2020-02-08T20:31:49,789 | INFO | Blueprint Event Dispatcher: 1 | BlueprintCamelContext | 88 - org.apache.camel.camel-api - 3.0.1 | Apache Camel 3.0.1 (CamelContext: WEBISP001) is starting
> 2020-02-08T20:31:49,791 | INFO | Blueprint Event Dispatcher: 1 | JmxManagementStrategy | 88 - org.apache.camel.camel-api - 3.0.1 | JMX is enabled
> 2020-02-08T20:31:49,877 | INFO | Blueprint Event Dispatcher: 1 | HttpComponent | 88 - org.apache.camel.camel-api - 3.0.1 | Created ClientConnectionManager org.apache.http.impl.conn.PoolingHttpClientConnectionManager@12fc7e57
> 2020-02-08T20:31:49,881 | INFO | Blueprint Event Dispatcher: 1 | BlueprintCamelContext | 88 - org.apache.camel.camel-api - 3.0.1 | StreamCaching is not in use. If using streams then its recommended to enable stream caching. See more details at http://camel.apache.org/stream-caching.html
> 2020-02-08T20:31:49,896 | INFO | Blueprint Event Dispatcher: 1 | SSLContextParameters | 88 - org.apache.camel.camel-api - 3.0.1 | Available providers: SUN version 1.8.
> 2020-02-08T20:31:49,906 | INFO | Blueprint Event Dispatcher: 1 | JettyHttpComponent9 | 112 - org.apache.camel.camel-jetty - 3.0.1 | Connector on port: 8444 is using includeCipherSuites: [.*] excludeCipherSuites: [] includeProtocols: [TLSv1.3, TLSv1.2, TLSv1.1] excludeProtocols: [SSL, SSLv2, SSLv2Hello, SSLv3]
> 2020-02-08T20:31:49,907 | INFO | Blueprint Event Dispatcher: 1 | Server | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | jetty-9.4.20.v20190813; built: 2019-08-13T21:28:18.144Z; git: 84700530e645e812b336747464d6fbbf370c9a20; jvm 1.8.0_242-b08
> 2020-02-08T20:31:49,908 | INFO | Blueprint Event Dispatcher: 1 | ContextHandler | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started o.e.j.s.ServletContextHandler@4d63dc0b{/,null,AVAILABLE}
> 2020-02-08T20:31:49,915 | INFO | Blueprint Event Dispatcher: 1 | SslContextFactory | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Protocol TLSv1.3 not supported in [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
> 2020-02-08T20:31:49,915 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,916 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,916 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,917 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,917 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,917 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,918 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,918 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,919 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_DHE_DSS_WITH_AES_256_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,919 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256 enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,921 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,922 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,923 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,924 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,925 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,926 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,927 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,927 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_DHE_DSS_WITH_AES_128_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,928 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,929 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_RSA_WITH_AES_128_GCM_SHA256 enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,930 | INFO | Blueprint Event Dispatcher: 1 | AbstractConnector | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started ServerConnector@11e4bb7f{ssl,[ssl, http/1.1]}{0.0.0.0:8444}
> 2020-02-08T20:31:49,931 | INFO | Blueprint Event Dispatcher: 1 | Server | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started @1786570ms
> 2020-02-08T20:31:49,932 | INFO | Blueprint Event Dispatcher: 1 | BlueprintCamelContext | 88 - org.apache.camel.camel-api - 3.0.1 | Route: WEBISP001 started and consuming from: jetty:https://0.0.0.0:8444/hello
> 2020-02-08T20:31:49,933 | INFO | Blueprint Event Dispatcher: 1 | BlueprintCamelContext | 88 - org.apache.camel.camel-api - 3.0.1 | Total 1 routes, of which 1 are started
> 2020-02-08T20:31:49,933 | INFO | Blueprint Event Dispatcher: 1 | BlueprintCamelContext | 88 - org.apache.camel.camel-api - 3.0.1 | Apache Camel 3.0.1 (CamelContext: WEBISP001) started in 0.145 seconds
> 2020-02-08T20:31:49,987 | INFO | fileinstall-/opt/apache-karaf-4.2.7/deploy | fileinstall | 10 - org.apache.felix.fileinstall - 3.6.4 | Started bundle: blueprint:file:/opt/apache-karaf-4.2.7/deploy/WEBISP001.xml
> {code}
> The request to the endpoint still fails with
> {code:java}
> curl -vvv --insecure --location --request POST 'https://host:8444/hello' --data-raw 'Hello World!'
> Note: Unnecessary use of -X or --request, POST is already inferred.
> * Trying 10.0.0.147...
> * TCP_NODELAY set
> * Connected to host (10.0.0.147) port 8444 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * successfully set certificate verify locations:
> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
>   CApath: none
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * TLSv1.3 (IN), TLS alert, handshake failure (552):
> * error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
> * Closing connection 0
> curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
> {code}

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
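
Added example (not part of the ticket and not Camel or Jetty code): a triage script for the Jetty startup records quoted above, reporting which protocols the connector can actually negotiate and which suites Jetty flagged as weak once the catch-all `.*` include was applied. The sample input is five records copied from the deployment log and rejoined onto one line each; `triage`, `_items` and the report field names are this example's own.

```python
import re

# Sample input: five records copied from the deployment log above, one per line.
SAMPLE_LOG = """\
2020-02-08T20:31:49,906 | INFO | Blueprint Event Dispatcher: 1 | JettyHttpComponent9 | 112 - org.apache.camel.camel-jetty - 3.0.1 | Connector on port: 8444 is using includeCipherSuites: [.*] excludeCipherSuites: [] includeProtocols: [TLSv1.3, TLSv1.2, TLSv1.1] excludeProtocols: [SSL, SSLv2, SSLv2Hello, SSLv3]
2020-02-08T20:31:49,915 | INFO | Blueprint Event Dispatcher: 1 | SslContextFactory | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Protocol TLSv1.3 not supported in [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
2020-02-08T20:31:49,915 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
2020-02-08T20:31:49,917 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
2020-02-08T20:31:49,917 | WARN | Blueprint Event Dispatcher: 1 | config | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA enabled for SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
"""

CONNECTOR = re.compile(
    r"Connector on port: (\d+) is using includeCipherSuites: \[(.*?)\] "
    r"excludeCipherSuites: \[(.*?)\] includeProtocols: \[(.*?)\] "
    r"excludeProtocols: \[(.*?)\]")
UNSUPPORTED = re.compile(r"Protocol (\S+) not supported in \[")
WEAK = re.compile(r"Weak cipher suite (\S+) enabled for")
LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: deprecated by RFC 8996

def _items(text):
    """Split the inside of a '[a, b, c]' list as it is printed in the log."""
    return [item.strip() for item in text.split(",") if item.strip()]

def triage(log_text):
    """Summarise the TLS settings a Jetty connector reports at startup (hypothetical helper)."""
    report = {"port": None, "catch_all_ciphers": False, "requested": [],
              "unsupported": [], "effective": [], "legacy": [], "weak_suites": []}
    excluded = []
    for line in log_text.splitlines():
        message = line.split("|")[-1].strip()  # the message is the last pipe-delimited field
        if m := CONNECTOR.search(message):
            report["port"] = int(m.group(1))
            # ".*" with nothing excluded enables every suite the JVM provides
            report["catch_all_ciphers"] = (".*" in _items(m.group(2))
                                           and not _items(m.group(3)))
            report["requested"] = _items(m.group(4))
            excluded = _items(m.group(5))
        elif m := UNSUPPORTED.search(message):
            report["unsupported"].append(m.group(1))
        elif (m := WEAK.search(message)) and m.group(1) not in report["weak_suites"]:
            report["weak_suites"].append(m.group(1))  # de-duplicated, in log order
    # What the connector can really negotiate: requested minus unsupported and excluded
    report["effective"] = [p for p in report["requested"]
                           if p not in report["unsupported"] and p not in excluded]
    report["legacy"] = [p for p in report["effective"] if p in LEGACY]
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Fed the full log, the same function lists every suite Jetty warned about, which is the starting point for replacing the `.*` include with an explicit allow-list.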