Hi Try with Java 11, and also try with Camel 3.10.0
On Tue, Jun 8, 2021 at 8:34 AM Jörg Jansen <joerg.jan...@inform-software.com> wrote: > > Hi everybody, > > while migrating from camel2 to camel3, I currently have a problem running our > REST services with SSL. > My used environment is: > Camel: 3.7.4 > Karaf: 4.3.2 > Java: 15 > REST-Consumer: camel-jetty > > Configuring pax-web with my certificates works fine. > But when I configure the JettyComponent with the needed SSL-configuration I > receive a 'No available authentication scheme' error. > > My configuration looks as followed: > ********************************************************************************************************************************************************** > JettyHttpComponent jettyComponent = context.getComponent("jetty", > JettyHttpComponent.class); > > jettyComponent.setKeystore(configuration.getSslKeyStore()); > jettyComponent.setSslPassword(configuration.getSslKeyStorePass()); > jettyComponent.setSslKeyPassword(configuration.getSslKeyPass()); > > KeyStoreParameters ksp = new KeyStoreParameters(); > ksp.setCamelContext(context); > ksp.setResource("{{sslKeyStore}}"); > ksp.setPassword("{{sslKeyStorePass}}"); > > KeyManagersParameters kmp = new KeyManagersParameters(); > kmp.setCamelContext(context); > kmp.setKeyStore(ksp); > kmp.setKeyPassword("{{sslKeyPass}}"); > > FilterParameters sslProtocollFilter = new FilterParameters(); > sslProtocollFilter.getIncludePatterns().add(Pattern.compile("TLS.*")); > sslProtocollFilter.getExclude().add("SSL3"); > > SSLContextParameters sslContextParameters = new SSLContextParameters(); > sslContextParameters.setSecureSocketProtocolsFilter(sslProtocollFilter); > sslContextParameters.setKeyManagers(kmp); > > FilterParameters sslCipherFilter = new FilterParameters(); > sslCipherFilter.getIncludePatterns().add(Pattern.compile(".*")); > > jettyComponent.setSslContextParameters(sslContextParameters); > ********************************************************************************************************************************************************** > > The error message, when enabling TLS-handshake is: > ********************************************************************************************************************************************************** > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.097 > CEST|X509Authentication.java:301|No X.509 cert selected for EC > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.098 > CEST|CertificateMessage.java:1067|Unavailable authentication scheme: > ecdsa_secp256r1_sha256 > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.370 > CEST|X509Authentication.java:301|No X.509 cert selected for RSA > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.371 > CEST|CertificateMessage.java:1067|Unavailable authentication scheme: > rsa_pss_rsae_sha256 > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.686 > CEST|X509Authentication.java:301|No X.509 cert selected for RSA > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.686 > CEST|CertificateMessage.java:1067|Unavailable authentication scheme: > rsa_pkcs1_sha256 > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.708 > CEST|X509Authentication.java:301|No X.509 cert selected for EC > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.709 > CEST|CertificateMessage.java:1067|Unavailable authentication scheme: > ecdsa_secp384r1_sha384 > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.014 > CEST|X509Authentication.java:301|No X.509 cert selected for RSA > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.014 > CEST|CertificateMessage.java:1067|Unavailable authentication scheme: > rsa_pss_rsae_sha384 > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.371 > CEST|X509Authentication.java:301|No X.509 cert selected for RSA > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.372 > CEST|CertificateMessage.java:1067|Unavailable authentication scheme: > rsa_pkcs1_sha384 > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.718 > CEST|X509Authentication.java:301|No X.509 cert selected for RSA > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.718 > CEST|CertificateMessage.java:1067|Unavailable authentication scheme: > rsa_pss_rsae_sha512 > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:47.088 > CEST|X509Authentication.java:301|No X.509 cert selected for RSA > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.088 > CEST|CertificateMessage.java:1067|Unavailable authentication scheme: > rsa_pkcs1_sha512 > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:47.565 > CEST|X509Authentication.java:301|No X.509 cert selected for RSA > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.565 > CEST|CertificateMessage.java:1067|Unavailable authentication scheme: > rsa_pkcs1_sha1 > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.568 > CEST|CertificateMessage.java:1077|No available authentication scheme > javax.net.ssl|ERROR|01 E1|qtp899741955-481|2021-06-08 07:47:47.568 > CEST|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): No available > authentication scheme ( > "throwable" : { > javax.net.ssl.SSLHandshakeException: No available authentication scheme > ********************************************************************************************************************************************************** > > Does anybody has a hint, what might be the problem? > Running the same on camel2 with jdk 8 works well. > > Kind regards, > Joerg -- Claus Ibsen ----------------- http://davsclaus.com @davsclaus Camel in Action 2: https://www.manning.com/ibsen2