Hi everybody, after some research I created the following Blueprint DSL route, which still fails with a TLS handshake failure.

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">

  <sslContextParameters id="sslContextParameters" xmlns="http://camel.apache.org/schema/blueprint">
    <secureSocketProtocolsFilter>
      <include>TLSv1.2</include>
      <include>TLSv1.1</include>
    </secureSocketProtocolsFilter>
    <cipherSuitesFilter>
      <include>.*</include>
      <exclude></exclude>
    </cipherSuitesFilter>
    <keyManagers keyPassword="xxxxx">
      <keyStore resource="etc/truststore.jks" password="xxxxx"/>
    </keyManagers>
    <trustManagers>
      <keyStore resource="etc/casag.p12" password="xxxxx"/>
    </trustManagers>
  </sslContextParameters>

  <camelContext id="WEBISP001" xmlns="http://camel.apache.org/schema/blueprint">
    <route id="WEBISP001">
      <from uri="jetty:https://0.0.0.0:8444/hello?sslContextParameters=sslContextParameters" />
      <log message="hello request body: ${in.body}" />
    </route>
  </camelContext>

</blueprint>

The request to the endpoint still fails with:

curl -vvv --insecure --location --request POST 'https://host:8444/hello' --data-raw 'Hello World!'

Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 10.0.0.147...
* TCP_NODELAY set
* Connected to host (10.0.0.147) port 8444 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

The log during deployment shows that the SSL context parameters are being applied. It seems to me like a bug, or am I still missing something? Any help is highly appreciated.

Best - Gerald
