Hi everybody,
while migrating from camel2 to camel3, I currently have a problem running our
REST services with SSL.
My environment is:
Camel: 3.7.4
Karaf: 4.3.2
Java: 15
REST-Consumer: camel-jetty
Configuring pax-web with my certificates works fine.
But when I configure the JettyComponent with the needed SSL-configuration I
receive a 'No available authentication scheme' error.
My configuration looks as follows:
**********************************************************************************************************************************************************
JettyHttpComponent jettyComponent = context.getComponent("jetty", JettyHttpComponent.class);
jettyComponent.setKeystore(configuration.getSslKeyStore());
jettyComponent.setSslPassword(configuration.getSslKeyStorePass());
jettyComponent.setSslKeyPassword(configuration.getSslKeyPass());
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setCamelContext(context);
ksp.setResource("{{sslKeyStore}}");
ksp.setPassword("{{sslKeyStorePass}}");
KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setCamelContext(context);
kmp.setKeyStore(ksp);
kmp.setKeyPassword("{{sslKeyPass}}");
FilterParameters sslProtocollFilter = new FilterParameters();
sslProtocollFilter.getIncludePatterns().add(Pattern.compile("TLS.*"));
sslProtocollFilter.getExclude().add("SSL3");
SSLContextParameters sslContextParameters = new SSLContextParameters();
sslContextParameters.setSecureSocketProtocolsFilter(sslProtocollFilter);
sslContextParameters.setKeyManagers(kmp);
FilterParameters sslCipherFilter = new FilterParameters();
sslCipherFilter.getIncludePatterns().add(Pattern.compile(".*"));
jettyComponent.setSslContextParameters(sslContextParameters);
**********************************************************************************************************************************************************
The error message, when enabling TLS-handshake, is:
**********************************************************************************************************************************************************
javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.097 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.098 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: ecdsa_secp256r1_sha256
javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.370 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.371 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pss_rsae_sha256
javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.686 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.686 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pkcs1_sha256
javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.708 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.709 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: ecdsa_secp384r1_sha384
javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.014 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.014 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pss_rsae_sha384
javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.371 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.372 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pkcs1_sha384
javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.718 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.718 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pss_rsae_sha512
javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:47.088 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.088 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pkcs1_sha512
javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:47.565 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.565 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pkcs1_sha1
javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.568 CEST|CertificateMessage.java:1077|No available authentication scheme
javax.net.ssl|ERROR|01 E1|qtp899741955-481|2021-06-08 07:47:47.568 CEST|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): No available authentication scheme (
"throwable" : {
javax.net.ssl.SSLHandshakeException: No available authentication scheme
**********************************************************************************************************************************************************
Does anybody have a hint what might be the problem?
Running the same on camel2 with jdk 8 works well.
Kind regards,
Joerg
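
Added example, not part of the original post: the `No X.509 cert selected for RSA` / `for EC` lines in the trace above are logged when the server's key manager returns no private-key entry for that key type, so a stand-alone check of what the keystore exposes is a useful first step. The class name `KeystoreAuthCheck`, the prompts and the optional store-type argument are assumptions of this sketch.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Collections;

/** Added diagnostic (hypothetical name): lists the key entries a key manager could select. */
public class KeystoreAuthCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length < 1 || console == null) {
            System.err.println("usage (interactive terminal): KeystoreAuthCheck <keystore> [type]");
            System.exit(2);
        }
        // Passwords are prompted for so they never appear in the process list.
        char[] storePass = console.readPassword("Store password: ");
        char[] keyPass = console.readPassword("Key password: ");
        // Assumption: JDK default store type unless given (e.g. JKS or PKCS12).
        String type = args.length > 1 ? args[1] : KeyStore.getDefaultType();
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Path.of(args[0]))) {
            ks.load(in, storePass);
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // A trusted-certificate entry cannot authenticate a server.
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            try {
                Key key = ks.getKey(alias, keyPass);
                Certificate[] chain = ks.getCertificateChain(alias);
                int len = chain == null ? 0 : chain.length;
                String certAlg = len == 0 ? "none" : chain[0].getPublicKey().getAlgorithm();
                System.out.println(alias + ": key=" + key.getAlgorithm()
                        + " cert=" + certAlg + " chainLength=" + len);
                usable++;
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": key entry present, but the key password does not open it");
            }
        }
        System.out.println(usable + " usable key entries in " + type + " store");
        System.exit(usable > 0 ? 0 : 1);
    }
}
```

Run it with the same JDK and the same keystore file and passwords that the Jetty component is given; an exit status of 1 means no entry could serve as a server credential.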