I tried this setting

org.ops4j.pax.web.ssl.protocols.included = TLSv1.2

in org.ops4j.pax.web.cfg. But this doesn't have any effect. Still the same, I'm getting in the log

2020-02-03T02:00:35,872 | INFO | Blueprint Event Dispatcher: 1 | JettyHttpComponent9 | 105 - org.apache.camel.camel-jetty - 3.0.1 | Connector on port: 8443 is using includeCipherSuites: [] excludeCipherSuites: [^.*_(MD5|SHA|SHA1)$, ^TLS_RSA_.*$, ^SSL_.*$, ^.*_NULL_.*$, ^.*_anon_.*$] includeProtocols: [] excludeProtocols: [SSL, SSLv2, SSLv2Hello, SSLv3]

Any idea where I can set the includeProtocols value?

Best
- Gerald

> Gerald Kallas <catsh...@mailbox.org> wrote on 3 February 2020 at 09:46:
>
> Tested with cURL
>
> curl --insecure -v https://host:8443/say/hello
> * Trying 10.0.0.147...
> * TCP_NODELAY set
> * Connected to host (10.0.0.147) port 8443 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * successfully set certificate verify locations:
> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
>   CApath: none
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * TLSv1.3 (IN), TLS alert, handshake failure (552):
> * error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
> * Closing connection 0
> curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
>
> Seems that the fallback to TLSv1.2 isn't possible
>
> So, where is the place to enable TLSv1.2 for camel-jetty?
>
> Best
> - Gerald
>
> > Gerald Kallas <catsh...@mailbox.org> wrote on 3 February 2020 at 09:00:
> >
> > Thanks JB,
> >
> > I did not install bouncycastle.
> >
> > I did install camel-jetty only as Karaf feature. The underpinning Jetty for
> > the Karaf web console is working fine with HTTPS. So far I wonder what I'm
> > still missing that camel-jetty could work also with HTTPS.
> >
> > Best
> > - Gerald
> >
> > > Jean-Baptiste Onofré <j...@nanthrax.net> wrote on 3 February 2020 at 05:57:
> > >
> > > Hi,
> > >
> > > do you have bouncycastle installed?
> > >
> > > Regards
> > > JB
> > >
> > > On 03/02/2020 00:29, Gerald Kallas wrote:
> > > > Dear community,
> > > >
> > > > I'm going to access some camel-jetty driven consumer endpoints and
> > > > getting a
> > > >
> > > > SSL_ERROR_NO_CYPHER_OVERLAP
> > > >
> > > > error. The web console nevertheless is working well.
> > > >
> > > > Any hints are appreciated.
> > > >
> > > > That's the jetty.xml section
> > > >
> > > > <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
> > > >     <Set name="secureScheme">https</Set>
> > > >     <Set name="securePort">
> > > >         <Property name="jetty.secure.port" default="8443" />
> > > >     </Set>
> > > >     <Set name="outputBufferSize">32768</Set>
> > > >     <Set name="requestHeaderSize">8192</Set>
> > > >     <Set name="responseHeaderSize">8192</Set>
> > > >     <Set name="sendServerVersion">true</Set>
> > > >     <Set name="sendDateHeader">false</Set>
> > > >     <Set name="headerCacheSize">512</Set>
> > > > </New>
> > > >
> > > > P.S. I'm running
> > > >
> > > > openjdk version "1.8.0_242"
> > > > OpenJDK Runtime Environment (build 1.8.0_242-b08)
> > > > OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)
> > > > Karaf 4.2.7
> > > > Camel 3.0.1
> > > >
> > > > Best
> > > > - Gerald
> > > >
> > >
> > > --
> > > Jean-Baptiste Onofré
> > > jbono...@apache.org
> > > http://blog.nanthrax.net
> > > Talend - http://www.talend.com