Hi Claus,

thank you for your fast feedback. Unfortunately, using jdk11 with camel 3.10.0 still has the same result.
While debugging the behavior, and comparing the web app connection and the REST connection, I could see that the SSLContext of the webapp contains a SNIX509ExtendedKeyManager, while the context of the jetty component contains a DummyX509KeyManager. I think this is a hint of the root cause. Is there any possibility to set the wanted KeyManager?

Regards,
Joerg

-----Original Message-----
From: Claus Ibsen <[email protected]>
Sent: Tuesday, 8 June 2021 09:03
To: [email protected]
Subject: Re: Camel-Jetty SSL-REST Consumer

Hi

Try with Java 11, and also try with Camel 3.10.0

On Tue, Jun 8, 2021 at 8:34 AM Jörg Jansen <[email protected]> wrote:
>
> Hi everybody,
>
> while migrating from camel2 to camel3, I currently have a problem running our REST services with SSL.
> My used environment is:
> Camel: 3.7.4
> Karaf: 4.3.2
> Java: 15
> REST-Consumer: camel-jetty
>
> Configuring pax-web with my certificates works fine.
> But when I configure the JettyComponent with the needed SSL-configuration I receive a 'No available authentication scheme' error.
>
> My configuration looks as follows:
> **********************************************************************
> JettyHttpComponent jettyComponent = context.getComponent("jetty", JettyHttpComponent.class);
>
> jettyComponent.setKeystore(configuration.getSslKeyStore());
> jettyComponent.setSslPassword(configuration.getSslKeyStorePass());
> jettyComponent.setSslKeyPassword(configuration.getSslKeyPass());
>
> KeyStoreParameters ksp = new KeyStoreParameters();
> ksp.setCamelContext(context);
> ksp.setResource("{{sslKeyStore}}");
> ksp.setPassword("{{sslKeyStorePass}}");
>
> KeyManagersParameters kmp = new KeyManagersParameters();
> kmp.setCamelContext(context);
> kmp.setKeyStore(ksp);
> kmp.setKeyPassword("{{sslKeyPass}}");
>
> FilterParameters sslProtocollFilter = new FilterParameters();
> sslProtocollFilter.getIncludePatterns().add(Pattern.compile("TLS.*"));
> sslProtocollFilter.getExclude().add("SSL3");
>
> SSLContextParameters sslContextParameters = new SSLContextParameters();
> sslContextParameters.setSecureSocketProtocolsFilter(sslProtocollFilter);
> sslContextParameters.setKeyManagers(kmp);
>
> FilterParameters sslCipherFilter = new FilterParameters();
> sslCipherFilter.getIncludePatterns().add(Pattern.compile(".*"));
>
> jettyComponent.setSslContextParameters(sslContextParameters);
> **********************************************************************
>
> The error message, when enabling TLS-handshake is:
> **********************************************************************
> javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.097 CEST|X509Authentication.java:301|No X.509 cert selected for EC
> javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.098 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: ecdsa_secp256r1_sha256
> javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.370 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.371 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pss_rsae_sha256
> javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.686 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.686 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pkcs1_sha256
> javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.708 CEST|X509Authentication.java:301|No X.509 cert selected for EC
> javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.709 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: ecdsa_secp384r1_sha384
> javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.014 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.014 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pss_rsae_sha384
> javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.371 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.372 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pkcs1_sha384
> javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.718 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.718 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pss_rsae_sha512
> javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:47.088 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.088 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pkcs1_sha512
> javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:47.565 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.565 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pkcs1_sha1
> javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.568 CEST|CertificateMessage.java:1077|No available authentication scheme
> javax.net.ssl|ERROR|01 E1|qtp899741955-481|2021-06-08 07:47:47.568 CEST|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): No available authentication scheme (
> "throwable" : {
> javax.net.ssl.SSLHandshakeException: No available authentication scheme
> **********************************************************************
>
> Does anybody have a hint what might be the problem?
> Running the same on camel2 with jdk 8 works well.
>
> Kind regards,
> Joerg

--
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2
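
A stand-alone check for the symptom in the handshake log above, added here as an example and not part of the original thread: it builds a key manager from a keystore with the standard JSSE API and reports whether it offers a server alias for RSA and EC, the two key types the log reports as "No X.509 cert selected". The class name and command-line arguments are hypothetical; with no arguments it runs on a constructed, empty in-memory keystore.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

/** Added diagnostic example; class name and arguments are hypothetical. */
public class KeyManagerCheck {

    /** Server aliases that a key manager built from the store offers for keyType. */
    static String[] serverAliases(KeyStore ks, char[] keyPass, String keyType) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass); // throws if the key password does not match
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                String[] aliases = ((X509KeyManager) km).getServerAliases(keyType, null);
                return aliases == null ? new String[0] : aliases;
            }
        }
        return new String[0]; // no X.509 key manager at all
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        char[] keyPass = new char[0];
        if (args.length == 3) {
            // args: <keystore path> <store password> <key password>
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
            keyPass = args[2].toCharArray();
        } else {
            // Constructed input: an empty keystore, i.e. a context with no usable key.
            ks.load(null, null);
        }
        for (String keyType : new String[] {"RSA", "EC"}) {
            String[] aliases = serverAliases(ks, keyPass, keyType);
            System.out.println(keyType + ": " + (aliases.length == 0
                    ? "no server alias, handshake cannot select a certificate"
                    : "server aliases " + Arrays.toString(aliases)));
        }
    }
}
```

If this prints an alias for the keystore used by the Jetty component while the handshake still fails, the keystore itself is usable and the key manager is not reaching the SSLContext that serves the connection.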
