Posted to users@camel.apache.org by dvsridhar <da...@cgifederal.com> on 2012/12/10 18:51:10 UTC

Jetty component sslContextParametersRef is not working

I am using Camel version 2.9.1.

We have routes that receive the request on the camel servlet component, and
using the camel jetty provider option we forward those requests to various REST
providers. We also have a FIPS TLS requirement to satisfy.

To satisfy the above-stated requirement, I set the client parameters'
secure protocols to the following.

I tried both the Spring config and the JSSE configuration; both seem not to be
working.

Configured Spring configuration:
--------------------
	<camel:camelContext id="fdx_routes_ctx">
		<camel:packageScan>
			<camel:package>com.cgi.fdx.route</camel:package>
		</camel:packageScan>
		<camel:routeBuilder ref="momentumRoutes" />
	</camel:camelContext>

	<camel:sslContextParameters id="fdxSSLContextParameters">
		<camel:clientParameters>
			<camel:secureSocketProtocols>
				<camel:secureSocketProtocol>SSLv3</camel:secureSocketProtocol>
				<camel:secureSocketProtocol>TLSv1</camel:secureSocketProtocol>
			</camel:secureSocketProtocols>
		</camel:clientParameters>
	</camel:sslContextParameters>

	<bean id="momentumRoutes" class="com.cgi.fdx.route.FDXRoutes"/>

We use the Java DSL, and in the FDXRoutes Java class we tried referring to
fdxSSLContextParameters using the sslContextParametersRef option in
the jetty URL.

The following are the samples.
From URL:
---------------
servlet://Mom/Vendor/?matchOnUriPrefix=true&disableStreamCache=true&traceEnabled=true

To URL:
-------------
jetty:https://MYHOST:6081/FDX/Mom/Vendor/?sslContextParametersRef=fdxSSLContextParameters&bridgeEndpoint=true&throwExceptionOnFailure=false


Option 2:
So I tried setting the clientParameters parameters the Java way.

	public void configure() throws Exception {
		SSLContextParameters scp = new SSLContextParameters();
		SSLContextClientParameters clientParameters = new SSLContextClientParameters();
		SecureSocketProtocolsParameters secureSocketProtocols = new SecureSocketProtocolsParameters();
		secureSocketProtocols.getSecureSocketProtocol().add("TLSv1");
		secureSocketProtocols.getSecureSocketProtocol().add("SSLv3");
		clientParameters.setSecureSocketProtocols(secureSocketProtocols);
		scp.setClientParameters(clientParameters);
		JettyHttpComponent jettyComponent = getContext().getComponent("jetty", JettyHttpComponent.class);
		jettyComponent.setSslContextParameters(scp);
	}

and used the above-stated from and to URLs. Unfortunately, none of the
approaches worked.

Error 
-------
The SSL handshake is trying to send a message on SSLv2Hello, which is not supported
in FIPS; that's why I want to have control over the secure protocols.

Does anyone know if this option works in Camel 2.9.1? Any help appreciated.

Thanks,
DVS

Error Log
---------

12:38:15,468 INFO  [stdout] (CamelJettyClient(0x674d26c7)-102 Selector0) Compression Methods:  { 0 }
12:38:15,469 INFO  [stdout] (CamelJettyClient(0x674d26c7)-102 Selector0) Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
12:38:15,470 INFO  [stdout] (CamelJettyClient(0x674d26c7)-102 Selector0) Extension ec_point_formats, formats: [uncompressed]
12:38:15,471 INFO  [stdout] (CamelJettyClient(0x674d26c7)-102 Selector0) ***
12:38:15,471 INFO  [stdout] (CamelJettyClient(0x674d26c7)-102 Selector0) CamelJettyClient(0x674d26c7)-102 Selector0, WRITE: TLSv1 Handshake, length = 177
12:38:15,472 INFO  [stdout] (CamelJettyClient(0x674d26c7)-102 Selector0) CamelJettyClient(0x674d26c7)-102 Selector0, WRITE: SSLv2 client hello message, length = 173
12:38:15,499 INFO  [stdout] (http--0.0.0.0-6081-1) http--0.0.0.0-6081-1, handling exception: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
12:38:15,500 INFO  [stdout] (http--0.0.0.0-6081-1) http--0.0.0.0-6081-1, SEND TLSv1 ALERT:  fatal, description = handshake_failure







--
View this message in context: http://camel.465427.n5.nabble.com/Jetty-component-sslContextParametersRef-is-not-working-tp5723840.html
Sent from the Camel - Users mailing list archive at Nabble.com.
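
[Added example, not part of the original thread and not Camel or Jetty code.] The log above shows a client hello in SSLv2 format being rejected with "SSLv2Hello is disabled". The plain-JSSE sketch below shows the check that tells whether a protocol restriction actually reached the engine: read back getEnabledProtocols() and confirm the SSLv2Hello pseudo-protocol is gone. The class and method names are hypothetical; only javax.net.ssl calls are used.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example (not from the thread): check which protocols a JSSE client
// engine will really offer, and remove the SSLv2Hello pseudo-protocol.
public class EnabledProtocolCheck {

    // Name JSSE uses for the SSLv2-format ClientHello wrapper.
    static final String V2_HELLO = "SSLv2Hello";

    // Return the enabled list without SSLv2Hello; fail if nothing is left.
    static String[] withoutV2Hello(String[] enabled) {
        List<String> kept = new ArrayList<String>();
        for (String p : enabled) {
            if (!V2_HELLO.equals(p)) {
                kept.add(p);
            }
        }
        if (kept.isEmpty()) {
            throw new IllegalStateException("no protocol left after removing " + V2_HELLO);
        }
        return kept.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);

        // Reproduce the state the log shows: SSLv2Hello enabled next to the
        // real protocol versions (only if this JRE supports the name).
        List<String> enabled = new ArrayList<String>(Arrays.asList(engine.getEnabledProtocols()));
        if (Arrays.asList(engine.getSupportedProtocols()).contains(V2_HELLO)
                && !enabled.contains(V2_HELLO)) {
            enabled.add(V2_HELLO);
            engine.setEnabledProtocols(enabled.toArray(new String[0]));
        }
        System.out.println("before: " + Arrays.toString(engine.getEnabledProtocols()));

        engine.setEnabledProtocols(withoutV2Hello(engine.getEnabledProtocols()));
        System.out.println("after:  " + Arrays.toString(engine.getEnabledProtocols()));

        // The check to run against whatever engine or socket the client uses.
        if (Arrays.asList(engine.getEnabledProtocols()).contains(V2_HELLO)) {
            throw new IllegalStateException(V2_HELLO + " is still enabled");
        }
    }
}
```

If the same read-back on the engine or socket the HTTP client really uses still lists SSLv2Hello, the configured protocol list was never applied to it.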

Re: Jetty component sslContextParametersRef is not working

Posted by Claus Ibsen <cl...@gmail.com>.
Hi

I have fixed some other issues in camel-jetty recently in
https://issues.apache.org/jira/browse/CAMEL-5867
I did make a fix to SSL as well.

Can you try again with the latest code from trunk/branch?
http://camel.apache.org/source.html
http://camel.apache.org/building.html



On Tue, Dec 11, 2012 at 7:30 PM, dvsridhar
<da...@cgifederal.com> wrote:
> Let me know if any of you need more clarification on the problem description.
> Thanks,
> DVS



-- 
Claus Ibsen
-----------------
Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cibsen@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen

Re: Jetty component sslContextParametersRef is not working

Posted by dvsridhar <da...@cgifederal.com>.
Let me know if any of you need more clarification on the problem description.
Thanks,
DVS



--
View this message in context: http://camel.465427.n5.nabble.com/Jetty-component-sslContextParametersRef-is-not-working-tp5723840p5723913.html
Sent from the Camel - Users mailing list archive at Nabble.com.