Oh, sorry, the example was in spring, not blueprint.

Let me check in the component how to inject the configuration.

Regards
JB

On 03/02/2020 13:43, Gerald Kallas wrote:
> Tx JB.
> 
> So I tried this (see below) but getting
> 
> Blueprint bundle isp.route.RST.xml/0.0.0 is waiting for namespace handlers 
> [http://camel.apache.org/schema/spring]
> 
> As Claus mentioned earlier one must not mix Blueprint with Spring. Without 
> the Spring namespace the keyword "sslContextParameters" can't be resolved. Is 
> there an example for this pure Blueprint configuration?
> 
> And .. can I define the sslContextParameters once in another Blueprint file?
> 
> Best
> - Gerald
> 
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0">
> 
>       <sslContextParameters id="sslContextParameters" xmlns="http://camel.apache.org/schema/spring">
>               <secureSocketProtocols>
>                       <!-- Do NOT enable SSLv3 (POODLE vulnerability) -->
>                       <secureSocketProtocol>TLSv1</secureSocketProtocol>
>                       <secureSocketProtocol>TLSv1.1</secureSocketProtocol>
>                       <secureSocketProtocol>TLSv1.2</secureSocketProtocol>
>               </secureSocketProtocols>
>               <trustManagers>
>                       <keyStore resource="etc/truststore.jks" 
> password="xxxxx"/>
>               </trustManagers>
>       </sslContextParameters>
> 
>       <bean id="jetty" 
> class="org.apache.camel.component.jetty9.JettyHttpComponent9">
>               <property name="sslContextParameters" 
> ref="sslContextParameters" />
>       </bean>
> 
>       <camelContext id="isp.routes.RST" xmlns="http://camel.apache.org/schema/blueprint" streamCache="true">
> 
>               <restConfiguration bindingMode="auto" component="jetty" 
> scheme="https" port="8443" />
> 
>               <rest path="/say">
>                       <get uri="/hello" consumes="application/json" 
> id="isp.routes.RST001">
>                               <to uri="direct:hello"/>
>                       </get>
>                       <get uri="/bye" consumes="application/json" 
> id="isp.routes.RST002">
>                               <to uri="direct:bye"/>
>                       </get>
>               </rest>
> 
>               <route id="isp.routes.RST001hello">
>                       <from uri="jetty:https://0.0.0.0:8443/hello" />
>                       <setHeader name="Content-Type">
>                               <constant>application/json</constant>
>                       </setHeader>
>                       <transform>
>                               <constant>{"text": "Hello World"}</constant>
>                       </transform>
>               </route>
> 
>               <route id="isp.routes.RST003">
>                       <from uri="direct:hello"/>
>                       <setHeader name="Content-Type">
>                               <constant>application/json</constant>
>                       </setHeader>
>                       <transform>
>                               <constant>{"text": "Hello World"}</constant>
>                       </transform>
>               </route>
> 
>               <route id="isp.routes.RST004">
>                       <from uri="direct:bye"/>
>                       <setHeader name="Content-Type">
>                               <constant>application/json</constant>
>                       </setHeader>
>                       <transform>
>                               <constant>{"text": "Bye World"}</constant>
>                       </transform>
>               </route>
> 
>       </camelContext>
> 
> </blueprint>
> 
> 
>> Jean-Baptiste Onofré <j...@nanthrax.net> wrote on 3 February 2020 13:04:
>>
>>  
>> Hi,
>>
>> By default, camel-jetty creates a new connector: it doesn't use the one
>> provided by pax-web. If you want to "plug" into the pax-web jetty
>> connector, you have to use camel-servlet.
>>
>> camel-jetty fully creates a new jetty connector, so the TLS
>> configuration has to be set on camel-jetty.
>>
>> Regards
>> JB
>>
>> On 03/02/2020 11:52, Gerald Kallas wrote:
>>> I tried this setting
>>>
>>> org.ops4j.pax.web.ssl.protocols.included = TLSv1.2
>>>
>>> in
>>>
>>> org.ops4j.pax.web.cfg.
>>>
>>> But this doesn't have any effect.
>>>
>>> Still the same, I'm getting in the log
>>>
>>> 2020-02-03T02:00:35,872 | INFO  | Blueprint Event Dispatcher: 1 | 
>>> JettyHttpComponent9              | 105 - org.apache.camel.camel-jetty - 
>>> 3.0.1 | Connector on port: 8443 is using includeCipherSuites: [] 
>>> excludeCipherSuites: [^.*_(MD5|SHA|SHA1)$, ^TLS_RSA_.*$, ^SSL_.*$, 
>>> ^.*_NULL_.*$, ^.*_anon_.*$] includeProtocols: [] excludeProtocols: [SSL, 
>>> SSLv2, SSLv2Hello, SSLv3]
>>>
>>> Any idea where I can set the includeProtocols value?
>>>
>>> Best
>>> - Gerald
>>>
>>>> Gerald Kallas <catsh...@mailbox.org> wrote on 3 February 2020 09:46:
>>>>
>>>>  
>>>> Tested with cURL
>>>>
>>>> curl --insecure -v https://host:8443/say/hello
>>>> *   Trying 10.0.0.147...
>>>> * TCP_NODELAY set
>>>> * Connected to host (10.0.0.147) port 8443 (#0)
>>>> * ALPN, offering h2
>>>> * ALPN, offering http/1.1
>>>> * successfully set certificate verify locations:
>>>> *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
>>>>   CApath: none
>>>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>>>> * TLSv1.3 (IN), TLS alert, handshake failure (552):
>>>> * error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
>>>> * Closing connection 0
>>>> curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert 
>>>> handshake failure
>>>>
>>>> Seems that the fallback to TLSv1.2 isn't possible
>>>>
>>>> So, where is the place to enable TLSv1.2 for camel-jetty?
>>>>
>>>> Best
>>>> - Gerald
>>>>
>>>>
>>>>> Gerald Kallas <catsh...@mailbox.org> wrote on 3 February 2020 09:00:
>>>>>
>>>>>  
>>>>> Thanks JB,
>>>>>
>>>>> I did not install bouncycastle.
>>>>>
>>>>> I did install camel-jetty only as Karaf feature. The underpinning Jetty 
>>>>> for the Karaf web console is working fine with HTTPS. So far I wonder 
>>>>> what I'm still missing that camel-jetty could work also with HTTPS.
>>>>>
>>>>> Best
>>>>> - Gerald
>>>>>
>>>>>> Jean-Baptiste Onofré <j...@nanthrax.net> wrote on 3 February 2020 05:57:
>>>>>>
>>>>>>  
>>>>>> Hi,
>>>>>>
>>>>>> do you have bouncycastle installed ?
>>>>>>
>>>>>> Regards
>>>>>> JB
>>>>>>
>>>>>> On 03/02/2020 00:29, Gerald Kallas wrote:
>>>>>>> Dear community,
>>>>>>>
>>>>>>> I'm going to access some camel-jetty driven consumer endpoints and 
>>>>>>> getting a
>>>>>>>
>>>>>>> SSL_ERROR_NO_CYPHER_OVERLAP
>>>>>>>
>>>>>>> error. The web console nevertheless is working well.
>>>>>>>
>>>>>>> Any hints are appreciated.
>>>>>>>
>>>>>>> That's the jetty.xml section
>>>>>>>
>>>>>>>         <New id="httpConfig" 
>>>>>>> class="org.eclipse.jetty.server.HttpConfiguration">
>>>>>>>                 <Set name="secureScheme">https</Set>
>>>>>>>                 <Set name="securePort">
>>>>>>>                         <Property name="jetty.secure.port" 
>>>>>>> default="8443" />
>>>>>>>                 </Set>
>>>>>>>                 <Set name="outputBufferSize">32768</Set>
>>>>>>>                 <Set name="requestHeaderSize">8192</Set>
>>>>>>>                 <Set name="responseHeaderSize">8192</Set>
>>>>>>>                 <Set name="sendServerVersion">true</Set>
>>>>>>>                 <Set name="sendDateHeader">false</Set>
>>>>>>>                 <Set name="headerCacheSize">512</Set>
>>>>>>>         </New>
>>>>>>>
>>>>>>> P.S. I'm running
>>>>>>>
>>>>>>> openjdk version "1.8.0_242"
>>>>>>> OpenJDK Runtime Environment (build 1.8.0_242-b08)
>>>>>>> OpenJDK 64-Bit Server VM (build 25.242-b08, mixed mode)
>>>>>>> Karaf 4.2.7
>>>>>>> Camel 3.0.1
>>>>>>>
>>>>>>> Best
>>>>>>> - Gerald
>>>>>>>
>>>>>>
>>>>>> -- 
>>>>>> Jean-Baptiste Onofré
>>>>>> jbono...@apache.org
>>>>>> http://blog.nanthrax.net
>>>>>> Talend - http://www.talend.com
>>
>> -- 
>> Jean-Baptiste Onofré
>> jbono...@apache.org
>> http://blog.nanthrax.net
>> Talend - http://www.talend.com

-- 
Jean-Baptiste Onofré
jbono...@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
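
Added example, not part of the thread and not Camel or Jetty code: a Python check that parses the JettyHttpComponent9 connector line quoted above and shows which protocols and cipher suites stay enabled under it. The supported-protocol and cipher-suite lists are constructed samples, and the selection rule (an empty include list means everything supported, exclude entries are then removed, cipher-suite entries are regular expressions, protocol entries are exact names) is an assumption modelled on Jetty's SslContextFactory.

```python
import re

# The connector line quoted in the thread, with the mail wrapping removed.
LOG_LINE = (
    "2020-02-03T02:00:35,872 | INFO  | Blueprint Event Dispatcher: 1 | "
    "JettyHttpComponent9              | 105 - org.apache.camel.camel-jetty - "
    "3.0.1 | Connector on port: 8443 is using includeCipherSuites: [] "
    "excludeCipherSuites: [^.*_(MD5|SHA|SHA1)$, ^TLS_RSA_.*$, ^SSL_.*$, "
    "^.*_NULL_.*$, ^.*_anon_.*$] includeProtocols: [] excludeProtocols: [SSL, "
    "SSLv2, SSLv2Hello, SSLv3]")
FIELDS = ("includeCipherSuites", "excludeCipherSuites", "includeProtocols", "excludeProtocols")
# Constructed JSSE names standing in for what the JVM reports as supported.
SUPPORTED_PROTOCOLS = ["SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
SUPPORTED_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
    "SSL_RSA_WITH_RC4_128_MD5"]
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_connector_line(line):
    """Return the port and the four include/exclude lists, or None."""
    head = re.search(r"Connector on port: (\d+) is using ", line)
    if head is None:
        return None
    parsed = {"port": int(head.group(1))}
    for name in FIELDS:
        # A list ends at the "]" before the next field name or the line end.
        m = re.search(name + r": \[(.*?)\](?= (?:in|ex)clude\w+: \[|\s*$)", line)
        parsed[name] = [v for v in m.group(1).split(", ") if v] if m else []
    return parsed

def effective(supported, include, exclude, regex):
    """Assumed model: empty include = all supported; excludes always win."""
    def hit(value, rules):
        return any(re.fullmatch(r, value) if regex else r == value for r in rules)
    kept = [s for s in supported if not include or hit(s, include)]
    return [s for s in kept if not hit(s, exclude)]

def audit(line):
    cfg = parse_connector_line(line)
    if cfg is None:
        return None
    protocols = effective(SUPPORTED_PROTOCOLS, cfg["includeProtocols"],
                          cfg["excludeProtocols"], regex=False)
    suites = effective(SUPPORTED_SUITES, cfg["includeCipherSuites"],
                       cfg["excludeCipherSuites"], regex=True)
    return {"port": cfg["port"], "protocols": protocols, "suites": suites,
            "legacy_enabled": sorted(LEGACY_PROTOCOLS.intersection(protocols))}
```

Under the logged settings and this model, `audit(LOG_LINE)` reports TLSv1 and TLSv1.1 as still enabled, because the exclude list names only the SSL-era protocols.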
