Posted to issues@camel.apache.org by "Nicolas Filotto (Jira)" <ji...@apache.org> on 2023/08/31 09:33:00 UTC

[jira] [Commented] (CAMEL-19753) Too many TLS connections opened when cxfrs calling a service via HTTPS

    [ https://issues.apache.org/jira/browse/CAMEL-19753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17760822#comment-17760822 ] 

Nicolas Filotto commented on CAMEL-19753:
-----------------------------------------

Hi [~xldai], thank you very much for the ticket and the reproducer. By default in CXF, if no socket factory has been configured, a new socket factory is created for each request, preventing the keep alive cache of the HTTP client of the JDK from reusing existing connections.

To fix the problem, you need to configure {{SSLContextParameters}} in your route, something like:

{code:java}
// JSSE helper classes come from org.apache.camel.support.jsse (Camel 3.x).
// The same JKS file is used as both key store and trust store.
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource("file://Users/nicolasfilotto/test/CAMEL-19753/test-cxfrs-https/truststore.jks");
ksp.setPassword("cspass");
ksp.setType("JKS");

KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyPassword("cspass");
kmp.setKeyStore(ksp);

TrustManagersParameters tmp = new TrustManagersParameters();
tmp.setKeyStore(ksp);

SSLContextParameters sslContextParameters = new SSLContextParameters();
sslContextParameters.setKeyManagers(kmp);
sslContextParameters.setTrustManagers(tmp);
// Register under the name referenced by the endpoint URI below.
registry.put("sslContextParameters", sslContextParameters);

...
.inOut("cxfrs://" + "https://localhost:9001/services/B" + "?providers=#providers"
        + "&sslContextParameters=#sslContextParameters&loggingFeatureEnabled=false")
...
{code}

By configuring SSL context parameters, you ensure that CXF will use the same socket factory so the keep alive cache can retrieve existing connections.

> Too many TLS connections opened when cxfrs calling a service via HTTPS
> ----------------------------------------------------------------------
>
>                 Key: CAMEL-19753
>                 URL: https://issues.apache.org/jira/browse/CAMEL-19753
>             Project: Camel
>          Issue Type: Task
>          Components: camel-cxf
>    Affects Versions: 3.20.6
>            Reporter: Xilai Dai
>            Assignee: Nicolas Filotto
>            Priority: Minor
>         Attachments: TLS_connections.png, test-cxfrs-https.zip, test-server.zip
>
>
> Given a simple route:
> {code}
> 	    from("timer:cTimer_1" + "?period=" + 1 + "&repeatCount=" + 200 + "&delay=" + 100)
> 				.setHeader(org.apache.camel.Exchange.HTTP_PATH, simple(""))
> 				.setHeader(org.apache.camel.Exchange.HTTP_METHOD, constant("GET"))
> 				.setHeader(org.apache.camel.Exchange.ACCEPT_CONTENT_TYPE, constant("application/json"))
> 				.inOut("cxfrs://" + "https://localhost:9001/services/B" + "?providers=#providers"
> 								+ "&loggingFeatureEnabled=false")
> 				.to("log:cxfrs_eval_demo_service.cLog_1" + "?level=WARN" + "&showAll=" + true + "&multiline=" + true); 
> {code}
> There are many TLS connections opened when running this route,
> whereas camel-http as a provider works as expected (only a few TLS connections opened, as expected):
> {code}
> 	from("timer:cTimer_2" + "?period=" + 1 + "&repeatCount=" + 200 + "&delay=" + 100)
> 				.setHeader("CamelHttpMethod", constant("GET"))
> 				.to("https://localhost:9001/services/B")
> 				.to("log:cxfrs_eval_demo_service.cLog_1" + "?level=WARN" + "&showAll=" + true + "&multiline=" + true);  
> {code}
> Attached test-cxfrs-https.zip and test-server.zip to easily reproduce the issue.


