Tx JB. So I tried this (see below) but getting

Blueprint bundle isp.route.RST.xml/0.0.0 is waiting for namespace handlers [http://camel.apache.org/schema/spring]

As Claus mentioned earlier one must not mix Blueprint with Spring. Without the Spring namespace the keyword "sslContextParameters" can't be resolved.

Is there an example for this pure Blueprint configuration?

And .. can I define the sslContextParameters once in another Blueprint file?

Best
- Gerald

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0">

  <sslContextParameters id="sslContextParameters" xmlns="http://camel.apache.org/schema/spring">
    <secureSocketProtocols>
      <!-- Do NOT enable SSLv3 (POODLE vulnerability) -->
      <secureSocketProtocol>TLSv1</secureSocketProtocol>
      <secureSocketProtocol>TLSv1.1</secureSocketProtocol>
      <secureSocketProtocol>TLSv1.2</secureSocketProtocol>
    </secureSocketProtocols>
    <trustManagers>
      <keyStore resource="etc/truststore.jks" password="xxxxx"/>
    </trustManagers>
  </sslContextParameters>

  <bean id="jetty" class="org.apache.camel.component.jetty9.JettyHttpComponent9">
    <property name="sslContextParameters" ref="sslContextParameters" />
  </bean>

  <camelContext id="isp.routes.RST" xmlns="http://camel.apache.org/schema/blueprint" streamCache="true">

    <restConfiguration bindingMode="auto" component="jetty" scheme="https" port="8443" />

    <rest path="/say">
      <get uri="/hello" consumes="application/json" id="isp.routes.RST001">
        <to uri="direct:hello"/>
      </get>
      <get uri="/bye" consumes="application/json" id="isp.routes.RST002">
        <to uri="direct:bye"/>
      </get>
    </rest>

    <route id="isp.routes.RST001hello">
      <from uri="jetty:https://0.0.0.0:8443/hello" />
      <setHeader name="Content-Type">
        <constant>application/json</constant>
      </setHeader>
      <transform>
        <constant>{"text": "Hello World"}</constant>
      </transform>
    </route>

    <route id="isp.routes.RST003">
      <from uri="direct:hello"/>
      <setHeader name="Content-Type">
        <constant>application/json</constant>
      </setHeader>
      <transform>
        <constant>{"text": "Hello World"}</constant>
      </transform>
    </route>

    <route id="isp.routes.RST004">
      <from uri="direct:bye"/>
      <setHeader name="Content-Type">
        <constant>application/json</constant>
      </setHeader>
      <transform>
        <constant>{"text": "Bye World"}</constant>
      </transform>
    </route>

  </camelContext>

</blueprint>

> Jean-Baptiste Onofré <j...@nanthrax.net> wrote on 3 February 2020 at 13:04:
>
>
> Hi,
>
> By default, camel-jetty creates a new connector: it doesn't use the one
> provided by pax-web. If you want to "plug" into the pax-web jetty
> connector, you have to use camel-servlet.
>
> camel-jetty fully creates a new jetty connector, so the TLS
> configuration has to be set on camel-jetty.
>
> Regards
> JB
>
> On 03/02/2020 11:52, Gerald Kallas wrote:
> > I tried this setting
> >
> > org.ops4j.pax.web.ssl.protocols.included = TLSv1.2
> >
> > in
> >
> > org.ops4j.pax.web.cfg.
> >
> > But this doesn't have any effect.
> >
> > Still the same, I'm getting in the log
> >
> > 2020-02-03T02:00:35,872 | INFO | Blueprint Event Dispatcher: 1 |
> > JettyHttpComponent9 | 105 - org.apache.camel.camel-jetty -
> > 3.0.1 | Connector on port: 8443 is using includeCipherSuites: []
> > excludeCipherSuites: [^.*_(MD5|SHA|SHA1)$, ^TLS_RSA_.*$, ^SSL_.*$,
> > ^.*_NULL_.*$, ^.*_anon_.*$] includeProtocols: [] excludeProtocols: [SSL,
> > SSLv2, SSLv2Hello, SSLv3]
> >
> > Any idea where I can set the includeProtocols value?
> >
> > Best
> > - Gerald
> >
> >> Gerald Kallas <catsh...@mailbox.org> wrote on 3 February 2020 at 09:46:
> >>
> >>
> >> Tested with cURL
> >>
> >> curl --insecure -v https://host:8443/say/hello
> >> * Trying 10.0.0.147...
> >> * TCP_NODELAY set
> >> * Connected to host (10.0.0.147) port 8443 (#0)
> >> * ALPN, offering h2
> >> * ALPN, offering http/1.1
> >> * successfully set certificate verify locations:
> >> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> >> CApath: none
> >> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> >> * TLSv1.3 (IN), TLS alert, handshake failure (552):
> >> * error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
> >> * Closing connection 0
> >> curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
> >> handshake failure
> >>
> >> Seems that the fallback to TLSv1.2 isn't possible
> >>
> >> So, where is the place to enable TLSv1.2 for camel-jetty?
> >>
> >> Best
> >> - Gerald
> >>
> >>
> >>> Gerald Kallas <catsh...@mailbox.org> wrote on 3 February 2020 at 09:00:
> >>>
> >>>
> >>> Thanks JB,
> >>>
> >>> I did not install bouncycastle.
> >>>
> >>> I did install camel-jetty only as Karaf feature. The underpinning Jetty
> >>> for the Karaf web console is working fine with HTTPS. So far I wonder
> >>> what I'm still missing that camel-jetty could work also with HTTPS.
> >>>
> >>> Best
> >>> - Gerald
> >>>
> >>>> Jean-Baptiste Onofré <j...@nanthrax.net> wrote on 3 February 2020 at 05:57:
> >>>>
> >>>>
> >>>> Hi,
> >>>>
> >>>> do you have bouncycastle installed ?
> >>>>
> >>>> Regards
> >>>> JB
> >>>>
> >>>> On 03/02/2020 00:29, Gerald Kallas wrote:
> >>>>> Dear community,
> >>>>>
> >>>>> I'm going to access some camel-jetty driven consumer endpoints and
> >>>>> getting a
> >>>>>
> >>>>> SSL_ERROR_NO_CYPHER_OVERLAP
> >>>>>
> >>>>> error. The web console nevertheless is working well.
> >>>>>
> >>>>> Any hints are appreciated.
> >>>>>
> >>>>> That's the jetty.xml section
> >>>>>
> >>>>> <New id="httpConfig"
> >>>>>      class="org.eclipse.jetty.server.HttpConfiguration">
> >>>>>   <Set name="secureScheme">https</Set>
> >>>>>   <Set name="securePort">
> >>>>>     <Property name="jetty.secure.port"
> >>>>>               default="8443" />
> >>>>>   </Set>
> >>>>>   <Set name="outputBufferSize">32768</Set>
> >>>>>   <Set name="requestHeaderSize">8192</Set>
> >>>>>   <Set name="responseHeaderSize">8192</Set>
> >>>>>   <Set name="sendServerVersion">true</Set>
> >>>>>   <Set name="sendDateHeader">false</Set>
> >>>>>   <Set name="headerCacheSize">512</Set>
> >>>>> </New>
> >>>>>
> >>>>> P.S. I'm running
> >>>>>
> >>>>> openjdk version "1.8.0_242"
> >>>>> OpenJDK Runtime Environment (build 1.8.0_242-b08)
> >>>>> OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)
> >>>>> Karaf 4.2.7
> >>>>> Camel 3.0.1
> >>>>>
> >>>>> Best
> >>>>> - Gerald
> >>>>>
> >>>>
> >>>> --
> >>>> Jean-Baptiste Onofré
> >>>> jbono...@apache.org
> >>>> http://blog.nanthrax.net
> >>>> Talend - http://www.talend.com
>
> --
> Jean-Baptiste Onofré
> jbono...@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
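
Added example (not part of the original thread, and not the Camel project's own sample): a Blueprint-only variant of the configuration in the message above, with sslContextParameters declared in the Camel Blueprint namespace so that no Spring namespace handler is needed, and restricted to TLSv1.2. The keyManagers block, the path etc/keystore.jks and the password placeholders are assumptions; a TLS server endpoint has to present its own private key and certificate, which a truststore alone does not supply.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example; keystore path and all passwords are placeholders (assumptions). -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0">

    <!-- Same element as in the thread, but in the camel-blueprint namespace,
         so the bundle no longer waits for the Spring namespace handler. -->
    <sslContextParameters id="sslContextParameters"
                          xmlns="http://camel.apache.org/schema/blueprint">
        <secureSocketProtocols>
            <!-- TLSv1.2 only; SSLv3, TLSv1 and TLSv1.1 are left out. -->
            <secureSocketProtocol>TLSv1.2</secureSocketProtocol>
        </secureSocketProtocols>
        <!-- Server side: private key and certificate presented to clients. -->
        <keyManagers keyPassword="KEY_PASSWORD_PLACEHOLDER">
            <keyStore resource="etc/keystore.jks"
                      password="KEYSTORE_PASSWORD_PLACEHOLDER"/>
        </keyManagers>
        <!-- Used to validate peer certificates (e.g. client certificates). -->
        <trustManagers>
            <keyStore resource="etc/truststore.jks"
                      password="TRUSTSTORE_PASSWORD_PLACEHOLDER"/>
        </trustManagers>
    </sslContextParameters>

    <!-- camel-jetty opens its own connector, so TLS is configured on the component. -->
    <bean id="jetty" class="org.apache.camel.component.jetty9.JettyHttpComponent9">
        <property name="sslContextParameters" ref="sslContextParameters"/>
    </bean>

    <camelContext id="isp.routes.RST" xmlns="http://camel.apache.org/schema/blueprint">
        <route id="isp.routes.RST001hello">
            <from uri="jetty:https://0.0.0.0:8443/hello"/>
            <setHeader name="Content-Type">
                <constant>application/json</constant>
            </setHeader>
            <transform>
                <constant>{"text": "Hello World"}</constant>
            </transform>
        </route>
    </camelContext>

</blueprint>
```

After deployment, the camel-jetty "Connector on port: 8443 is using ..." log line quoted in the thread is the place to confirm which protocols and cipher suites the connector actually applied.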