camel-jetty HTTPS consumer still fails with handshake failure - possible bug?

Gerald Kallas - mailbox.org
Hi everybody,

After some research I created the following Blueprint DSL route, which still fails with a TLS handshake failure.

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">

        <sslContextParameters id="sslContextParameters" xmlns="http://camel.apache.org/schema/blueprint">
                <secureSocketProtocolsFilter>
                        <include>TLSv1.2</include>
                        <include>TLSv1.1</include>
                </secureSocketProtocolsFilter>
                <cipherSuitesFilter>
                        <include>.*</include>
                        <exclude></exclude>
                </cipherSuitesFilter>
                <keyManagers keyPassword="xxxxx">
                        <keyStore resource="etc/truststore.jks" password="xxxxx"/>
                </keyManagers>
                <trustManagers>
                        <keyStore resource="etc/casag.p12" password="xxxxx"/>
                </trustManagers>
        </sslContextParameters>

        <camelContext id="WEBISP001" xmlns="http://camel.apache.org/schema/blueprint">

                <route id="WEBISP001">
                        <from uri="jetty:https://0.0.0.0:8444/hello?sslContextParameters=sslContextParameters" />
                        <log message="hello request body: ${in.body}" />
                </route>

        </camelContext>

</blueprint>

The request to the endpoint still fails with

curl -vvv --insecure --location --request POST 'https://host:8444/hello' --data-raw 'Hello World!'
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 10.0.0.147...
* TCP_NODELAY set
* Connected to host (10.0.0.147) port 8444 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

The log during deployment shows that the SSL context parameters are being applied.

It seems to me like a bug, or am I still missing something?

Any help is highly appreciated.

Best
- Gerald
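
A server-side TLS context can only present a certificate if the store behind `keyManagers` holds a private key entry, so that is worth confirming for a configuration like the one above. The Java check below is an added example, not part of the original post and not Camel code; the class name `KeyStoreEntryCheck` and its two arguments are hypothetical.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added diagnostic example; KeyStoreEntryCheck is a hypothetical name.
public class KeyStoreEntryCheck {

    // Lists every alias and returns how many entries hold a private key
    // plus certificate chain, i.e. can serve as a TLS server identity.
    static int countPrivateKeyEntries(KeyStore ks) throws Exception {
        int count = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean priv = ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class);
            System.out.printf("%-30s %s%n", alias,
                    priv ? "private key entry" : "no private key (certificate or secret key)");
            if (priv) {
                count++;
            }
        }
        return count;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage: java KeyStoreEntryCheck <store-file> <JKS|PKCS12> (run from a terminal)");
            System.exit(2);
        }
        // Prompt for the store password so it stays out of shell history.
        char[] password = console.readPassword("Store password: ");

        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }

        if (countPrivateKeyEntries(ks) == 0) {
            System.out.println("No private key entry: this store cannot back keyManagers for a server.");
            System.exit(1);
        }
        System.out.println("Store contains at least one private key entry.");
    }
}
```

On Java 11 or later it can be run directly, for example `java KeyStoreEntryCheck.java etc/truststore.jks JKS` for the store referenced in `keyManagers`.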