netty http component - SNI missing in SSL handshake

["Somvanshi, Ashitosh" <As...@dieboldnixdorf.com>]

Hello Support team,

We are using camel netty http component in order to connect to REST API.
Artifact : camel-netty-http version : 2.18.3
App server:  Web sphere

We are not able to send SNI/server name to server in client hello, which is required in our case so that server can send back appropriate certificates.
We have tried to set SNI like below but it's not working:
SSLContextClientParameters sslClient = new SSLContextClientParameters();
sslClient.setSniHostName(sniName);

SSLContextParameters scp = new SSLContextParameters();
scp.setClientParameters(sslClient);

NettyComponent nettyComponent = camelContext().getComponent("netty-http",NettyComponent.class);
nettyComponent.getConfiguration().setSslContextParameters(scp);

We can see below warnings in systemOut.log file related to server name:
[9/1/22 10:19:12:811 AST] 0000010d SystemOut     O javax.net.ssl|WARNING|01 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01 10:19:12.810 AST|Thread.java:1564|Unable to indicate server name
[9/1/22 10:19:12:813 AST] 0000010d SystemOut     O javax.net.ssl|FINE|01 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01 10:19:12.812 AST|Thread.java:1564|Ignore, context unavailable extension: server_name

Could you please support on this issue?

Thanks and Regards,
Ashitosh Somvanshi | PS CoE
Diebold Nixdorf
www.DieboldNixdorf.com<http://www.dieboldnixdorf.com/>

Re: netty http component - SNI missing in SSL handshake

[Claus Ibsen <cl...@gmail.com>]

Hi

Camel 2 is EOL and not actively supported.

You very likely need to dive into this yourself and try to find a solution.

If you have a chance to try latest Camel v3 and see if it works there or
not, and report back, then there is a chance you can get help and
we can make it work on latest Camel v3 and you can then try to apply that
solution to your Camel v2 yourself.


On Mon, Sep 5, 2022 at 5:24 PM Somvanshi, Ashitosh <
Ashitosh.Somvanshi@dieboldnixdorf.com> wrote:

> Hello Support team,
>
> We are using camel netty http component in order to connect to REST API.
> Artifact : camel-netty-http version : 2.18.3
> App server:  Web sphere
>
> We are not able to send SNI/server name to server in client hello, which
> is required in our case so that server can send back appropriate
> certificates.
> We have tried to set SNI like below but it's not working:
> SSLContextClientParameters sslClient = new SSLContextClientParameters();
> sslClient.setSniHostName(sniName);
>
> SSLContextParameters scp = new SSLContextParameters();
> scp.setClientParameters(sslClient);
>
> NettyComponent nettyComponent =
> camelContext().getComponent("netty-http",NettyComponent.class);
> nettyComponent.getConfiguration().setSslContextParameters(scp);
>
> We can see below warnings in systemOut.log file related to server name:
> [9/1/22 10:19:12:811 AST] 0000010d SystemOut     O
> javax.net.ssl|WARNING|01
> 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01
> 10:19:12.810 AST|Thread.java:1564|Unable to indicate server name
> [9/1/22 10:19:12:813 AST] 0000010d SystemOut     O javax.net.ssl|FINE|01
> 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01
> 10:19:12.812 AST|Thread.java:1564|Ignore, context unavailable extension:
> server_name
>
> Could you please support on this issue?
>
> Thanks and Regards,
> Ashitosh Somvanshi | PS CoE
> Diebold Nixdorf
> www.DieboldNixdorf.com<http://www.dieboldnixdorf.com/>
>
>

-- 
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2

Re: netty http component - SNI missing in SSL handshake

[Zoran Regvart <zo...@regvart.com>]

Hi Ashitosh,
also make sure that you're using latest Java version, for example if
you're using Java 1.8 you might be running into this issue:

https://bugs.openjdk.org/browse/JDK-8144566

zoran

On Mon, Sep 5, 2022 at 5:24 PM Somvanshi, Ashitosh
<As...@dieboldnixdorf.com> wrote:
>
> Hello Support team,
>
> We are using camel netty http component in order to connect to REST API.
> Artifact : camel-netty-http version : 2.18.3
> App server:  Web sphere
>
> We are not able to send SNI/server name to server in client hello, which is required in our case so that server can send back appropriate certificates.
> We have tried to set SNI like below but it's not working:
> SSLContextClientParameters sslClient = new SSLContextClientParameters();
> sslClient.setSniHostName(sniName);
>
> SSLContextParameters scp = new SSLContextParameters();
> scp.setClientParameters(sslClient);
>
> NettyComponent nettyComponent = camelContext().getComponent("netty-http",NettyComponent.class);
> nettyComponent.getConfiguration().setSslContextParameters(scp);
>
> We can see below warnings in systemOut.log file related to server name:
> [9/1/22 10:19:12:811 AST] 0000010d SystemOut     O javax.net.ssl|WARNING|01 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01 10:19:12.810 AST|Thread.java:1564|Unable to indicate server name
> [9/1/22 10:19:12:813 AST] 0000010d SystemOut     O javax.net.ssl|FINE|01 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01 10:19:12.812 AST|Thread.java:1564|Ignore, context unavailable extension: server_name
>
> Could you please support on this issue?
>
> Thanks and Regards,
> Ashitosh Somvanshi | PS CoE
> Diebold Nixdorf
> www.DieboldNixdorf.com<http://www.dieboldnixdorf.com/>
>


-- 
Zoran Regvart

Re: netty http component - SNI missing in SSL handshake

[Chirag <ch...@gmail.com>]

Ashitosh,

you are more likely to get answers if you are able to validate if the
issue is present in a higher version of netty connector.  Having said
that, your application architecture is very advanced as you seem to
use webSphere, akka and camel. Since IBM supports webSphere and can
also provide support for Camel (Referring to response from Claus),
have you asked IBM?

Issue may not be so much of Camel, but netty itself. see
https://github.com/netty/netty project where you may find SNI related
issues and fixes (https://github.com/netty/netty/issues/9643). You may
have to identify if the problem lies in Netty and if you can port fix
to version of netty library used in your application.

Lastly, you can always modify OSS code and create a version that works
for your needs.

ચિરાગ/चिराग/Chirag
------------------------------------------
Sent from My Gmail Account

On Thu, Sep 15, 2022 at 9:54 AM Somvanshi, Ashitosh
<As...@dieboldnixdorf.com> wrote:
>
> Hello Miranda,
>
> Thank you so much for your response. Unfortunately we cannot upgrade to latest version because of application compatibility, currently we are using 2.18.3.
> Is there any way to ask netty to not to force SSL and let app server(web sphere) handle SSL. I am asking this because in same application we are using nimbus library for OAuth, where SSL is handled by web sphere, we just configure URL in application. In this case server name is going in client hello, so can we do same with netty as well?
>
>
> Regards,
> Ashitosh Somvanshi
>
> From: Claudio Miranda <cl...@claudius.com.br>
> Sent: Thursday, September 15, 2022 4:30 PM
> To: users@camel.apache.org
> Cc: Claus Ibsen <cl...@gmail.com>; Somvanshi, Ashitosh <As...@dieboldnixdorf.com>
> Subject: Re: netty http component - SNI missing in SSL handshake
>
> On Thu, Sep 15, 2022 at 7: 00 AM Bheda, Nitesh <Nitesh. Bheda@ dieboldnixdorf. com> wrote: > > Artifact : camel-netty-http version : 2. 18. 3 Can you try a more recent version, see https: //urldefense. proofpoint. com/v2/url?u=https-3A__camel. apache. org_download_&d=DwIBaQ&c=7my1DiYA8Epq5UwiA7n6nQ&r=anbIU-AWNbNwN9mk1yXNKHQ9fLiQrfEwRFpEUpkPBYnjcGlTYVI8mBzvjeDV8gkk&m=_RIn8CSLLlB7Xsx72ubcffFbyLlM_wy22SsbW0Dxe7EYG0BrMrOKjvhhu0IMsVZ2&s=wuFjxJb4mujYBTForV1ny3UeXBCP0wNBHWqZ3EeEpcw&e=
>
>
> On Thu, Sep 15, 2022 at 7:00 AM Bheda, Nitesh
>
> <Ni...@dieboldnixdorf.com>> wrote:
>
> >
>
> >  Artifact : camel-netty-http version : 2.18.3
>
>
>
> Can you try a more recent version, see https://urldefense.proofpoint.com/v2/url?u=https-3A__camel.apache.org_download_&d=DwIBaQ&c=7my1DiYA8Epq5UwiA7n6nQ&r=anbIU-AWNbNwN9mk1yXNKHQ9fLiQrfEwRFpEUpkPBYnjcGlTYVI8mBzvjeDV8gkk&m=_RIn8CSLLlB7Xsx72ubcffFbyLlM_wy22SsbW0Dxe7EYG0BrMrOKjvhhu0IMsVZ2&s=wuFjxJb4mujYBTForV1ny3UeXBCP0wNBHWqZ3EeEpcw&e=
>
> Try it on a dev machine, if it is fixed on it.
>
>
>
> --
>
>   Claudio Miranda
>
>
>
> claudio@claudius.com.br<ma...@claudius.com.br>
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.claudius.com.br&d=DwIBaQ&c=7my1DiYA8Epq5UwiA7n6nQ&r=anbIU-AWNbNwN9mk1yXNKHQ9fLiQrfEwRFpEUpkPBYnjcGlTYVI8mBzvjeDV8gkk&m=_RIn8CSLLlB7Xsx72ubcffFbyLlM_wy22SsbW0Dxe7EYG0BrMrOKjvhhu0IMsVZ2&s=nAEG5GdA8AUdMHvNtorc6jlRG3FbO-3vRzY0lG1nzz0&e=

RE: netty http component - SNI missing in SSL handshake

["Somvanshi, Ashitosh" <As...@dieboldnixdorf.com>]

Hello Miranda,

Thank you so much for your response. Unfortunately we cannot upgrade to latest version because of application compatibility, currently we are using 2.18.3.
Is there any way to ask netty to not to force SSL and let app server(web sphere) handle SSL. I am asking this because in same application we are using nimbus library for OAuth, where SSL is handled by web sphere, we just configure URL in application. In this case server name is going in client hello, so can we do same with netty as well?


Regards,
Ashitosh Somvanshi

From: Claudio Miranda <cl...@claudius.com.br>
Sent: Thursday, September 15, 2022 4:30 PM
To: users@camel.apache.org
Cc: Claus Ibsen <cl...@gmail.com>; Somvanshi, Ashitosh <As...@dieboldnixdorf.com>
Subject: Re: netty http component - SNI missing in SSL handshake

On Thu, Sep 15, 2022 at 7: 00 AM Bheda, Nitesh <Nitesh. Bheda@ dieboldnixdorf. com> wrote: > > Artifact : camel-netty-http version : 2. 18. 3 Can you try a more recent version, see https: //urldefense. proofpoint. com/v2/url?u=https-3A__camel. apache. org_download_&d=DwIBaQ&c=7my1DiYA8Epq5UwiA7n6nQ&r=anbIU-AWNbNwN9mk1yXNKHQ9fLiQrfEwRFpEUpkPBYnjcGlTYVI8mBzvjeDV8gkk&m=_RIn8CSLLlB7Xsx72ubcffFbyLlM_wy22SsbW0Dxe7EYG0BrMrOKjvhhu0IMsVZ2&s=wuFjxJb4mujYBTForV1ny3UeXBCP0wNBHWqZ3EeEpcw&e=


On Thu, Sep 15, 2022 at 7:00 AM Bheda, Nitesh

<Ni...@dieboldnixdorf.com>> wrote:

>

>  Artifact : camel-netty-http version : 2.18.3



Can you try a more recent version, see https://urldefense.proofpoint.com/v2/url?u=https-3A__camel.apache.org_download_&d=DwIBaQ&c=7my1DiYA8Epq5UwiA7n6nQ&r=anbIU-AWNbNwN9mk1yXNKHQ9fLiQrfEwRFpEUpkPBYnjcGlTYVI8mBzvjeDV8gkk&m=_RIn8CSLLlB7Xsx72ubcffFbyLlM_wy22SsbW0Dxe7EYG0BrMrOKjvhhu0IMsVZ2&s=wuFjxJb4mujYBTForV1ny3UeXBCP0wNBHWqZ3EeEpcw&e=

Try it on a dev machine, if it is fixed on it.



--

  Claudio Miranda



claudio@claudius.com.br<ma...@claudius.com.br>

https://urldefense.proofpoint.com/v2/url?u=http-3A__www.claudius.com.br&d=DwIBaQ&c=7my1DiYA8Epq5UwiA7n6nQ&r=anbIU-AWNbNwN9mk1yXNKHQ9fLiQrfEwRFpEUpkPBYnjcGlTYVI8mBzvjeDV8gkk&m=_RIn8CSLLlB7Xsx72ubcffFbyLlM_wy22SsbW0Dxe7EYG0BrMrOKjvhhu0IMsVZ2&s=nAEG5GdA8AUdMHvNtorc6jlRG3FbO-3vRzY0lG1nzz0&e=

Re: netty http component - SNI missing in SSL handshake

[Claudio Miranda <cl...@claudius.com.br>]

On Thu, Sep 15, 2022 at 7:00 AM Bheda, Nitesh
<Ni...@dieboldnixdorf.com> wrote:
>
>  Artifact : camel-netty-http version : 2.18.3

Can you try a more recent version, see https://camel.apache.org/download/
Try it on a dev machine, if it is fixed on it.

-- 
  Claudio Miranda

claudio@claudius.com.br
http://www.claudius.com.br

RE: netty http component - SNI missing in SSL handshake

[Daniel Langevin <da...@shq.gouv.qc.ca>]

Hi,

Is it possible to get more of your code stuff… may be I can help you.

If you want to call HTTPS rest services….
you have to set more stuff in SSLContextParameters, (like your certificate)  because netty won’t switch in https…



Daniel Langevin


De : Bheda, Nitesh <Ni...@dieboldnixdorf.com>
Envoyé : 15 septembre 2022 05:54
À : Claus Ibsen <cl...@gmail.com>; users@camel.apache.org; Somvanshi, Ashitosh <As...@dieboldnixdorf.com>
Objet : RE: netty http component - SNI missing in SSL handshake

Hello,

Thank you for your response.

Could you provide any specific DL/mail group which would be able to provide support to us?
We check the link below and can find the same DL group to whom we sent the email earlier.

Thanks & Regards,
Nitesh Bheda
Advanced Software Engineer | PS CoE
Diebold Nixdorf
Office: +91 22 66497669
Cell: +91 9833207610
www.DieboldNixdorf.com<https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.dieboldnixdorf.com%2F&data=05%7C01%7Cdaniel.langevin%40shq.gouv.qc.ca%7Cda0b10cf80574c2f979608da97013e21%7C8377d97d01504e07b82ad67c55dc2c05%7C0%7C0%7C637988329325507055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=t3dAnByShYwf96K4wjfubzPvnpDTSs6s0DTCrrfCKf0%3D&reserved=0>

Holiday Alert:
Vacation Alert:

[cid:image001.png@01D8C917.1B089E10]<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fdiebold%2F&data=05%7C01%7Cdaniel.langevin%40shq.gouv.qc.ca%7Cda0b10cf80574c2f979608da97013e21%7C8377d97d01504e07b82ad67c55dc2c05%7C0%7C0%7C637988329325507055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=TiYtWqnYK1ECkJNYgzMsFor6dl%2BvxhanAdQV67HTDYY%3D&reserved=0>   [cid:image002.png@01D8C917.1B089E10] <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fdieboldnixdorf&data=05%7C01%7Cdaniel.langevin%40shq.gouv.qc.ca%7Cda0b10cf80574c2f979608da97013e21%7C8377d97d01504e07b82ad67c55dc2c05%7C0%7C0%7C637988329325507055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Ht3SNy2C%2FvKUB34Cjq9kATdtMiOE95zuaQM84bVvy8g%3D&reserved=0>    [cid:image003.jpg@01D8C917.1B089E10] <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2FDieboldNixdorf&data=05%7C01%7Cdaniel.langevin%40shq.gouv.qc.ca%7Cda0b10cf80574c2f979608da97013e21%7C8377d97d01504e07b82ad67c55dc2c05%7C0%7C0%7C637988329325507055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=AEqq6niAZvSh9YTQ5VEb248GkXH5sXii2agaEP8sU1A%3D&reserved=0>    [cid:image004.png@01D8C917.1B089E10] <https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FDieboldNixdorf%2F&data=05%7C01%7Cdaniel.langevin%40shq.gouv.qc.ca%7Cda0b10cf80574c2f979608da97013e21%7C8377d97d01504e07b82ad67c55dc2c05%7C0%7C0%7C637988329325507055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=e8fY6Of0ZAawvUgld4CwfVBwrzviIVFtsgSqtJjy9kY%3D&reserved=0>


From: Claus Ibsen <cl...@gmail.com>>
Sent: 08 September 2022 17:49
To: users@camel.apache.org<ma...@camel.apache.org>
Cc: Bheda, Nitesh <Ni...@dieboldnixdorf.com>>
Subject: Re: netty http component - SNI missing in SSL handshake

Hi This is community support and volunteer based. You are using an old EOL Camel version, so chances for help are lower. There is commercial support for people that need this kind of support level https: //camel. apache. org/manual/commercial-camel-offerings. html

Hi

This is community support and volunteer based.
You are using an old EOL Camel version, so chances for help are lower.

There is commercial support for people that need this kind of support level
https://camel.apache.org/manual/commercial-camel-offerings.html<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__camel.apache.org_manual_commercial-2Dcamel-2Dofferings.html%26d%3DDwMFaQ%26c%3D7my1DiYA8Epq5UwiA7n6nQ%26r%3DIGvDFcZsyZEjrQY_gKzo_Z41guGjq6GnfqF0WHm00ME%26m%3Dl5gRM9KWO8CjGhISW3yjhu1sHGcIr9pR3R7zy-pesVz75UEgt18wD9nLIfNrLCK4%26s%3D2T3Qe94_LMdK30v86gdZgx1pzdOwy15rW8xblo5dU00%26e%3D&data=05%7C01%7Cdaniel.langevin%40shq.gouv.qc.ca%7Cda0b10cf80574c2f979608da97013e21%7C8377d97d01504e07b82ad67c55dc2c05%7C0%7C0%7C637988329325507055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=fDJ%2FQUgoyAu%2BJRpI5CTpCiPvUkJ468io5%2BlMxZs4x6E%3D&reserved=0>


On Thu, Sep 8, 2022 at 2:15 PM Somvanshi, Ashitosh <As...@dieboldnixdorf.com>> wrote:
Hello Team,

Can we expect any support here or at least an acknowledgement?


Thanks and Regards,
Ashitosh Somvanshi | PS CoE
Diebold Nixdorf
www.DieboldNixdorf.com<https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.dieboldnixdorf.com%2F&data=05%7C01%7Cdaniel.langevin%40shq.gouv.qc.ca%7Cda0b10cf80574c2f979608da97013e21%7C8377d97d01504e07b82ad67c55dc2c05%7C0%7C0%7C637988329325507055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=t3dAnByShYwf96K4wjfubzPvnpDTSs6s0DTCrrfCKf0%3D&reserved=0><http://www.dieboldnixdorf.com/<https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.dieboldnixdorf.com%2F&data=05%7C01%7Cdaniel.langevin%40shq.gouv.qc.ca%7Cda0b10cf80574c2f979608da97013e21%7C8377d97d01504e07b82ad67c55dc2c05%7C0%7C0%7C637988329325507055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=t3dAnByShYwf96K4wjfubzPvnpDTSs6s0DTCrrfCKf0%3D&reserved=0>>

From: Somvanshi, Ashitosh
Sent: Monday, September 5, 2022 8:52 PM
To: users@camel.apache.org<ma...@camel.apache.org>
Cc: Bheda, Nitesh <Ni...@dieboldnixdorf.com>>
Subject: netty http component - SNI missing in SSL handshake

Hello Support team,

We are using camel netty http component in order to connect to REST API.
Artifact : camel-netty-http version : 2.18.3
App server:  Web sphere

We are not able to send SNI/server name to server in client hello, which is required in our case so that server can send back appropriate certificates.
We have tried to set SNI like below but it's not working:
SSLContextClientParameters sslClient = new SSLContextClientParameters();
sslClient.setSniHostName(sniName);

SSLContextParameters scp = new SSLContextParameters();
scp.setClientParameters(sslClient);

NettyComponent nettyComponent = camelContext().getComponent("netty-http",NettyComponent.class);
nettyComponent.getConfiguration().setSslContextParameters(scp);

We can see below warnings in systemOut.log file related to server name:
[9/1/22 10:19:12:811 AST] 0000010d SystemOut     O javax.net.ssl|WARNING|01 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01 10:19:12.810 AST|Thread.java:1564|Unable to indicate server name
[9/1/22 10:19:12:813 AST] 0000010d SystemOut     O javax.net.ssl|FINE|01 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01 10:19:12.812 AST|Thread.java:1564|Ignore, context unavailable extension: server_name

Could you please support on this issue?

Thanks and Regards,
Ashitosh Somvanshi | PS CoE
Diebold Nixdorf
www.DieboldNixdorf.com<https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.dieboldnixdorf.com%2F&data=05%7C01%7Cdaniel.langevin%40shq.gouv.qc.ca%7Cda0b10cf80574c2f979608da97013e21%7C8377d97d01504e07b82ad67c55dc2c05%7C0%7C0%7C637988329325507055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=t3dAnByShYwf96K4wjfubzPvnpDTSs6s0DTCrrfCKf0%3D&reserved=0><http://www.dieboldnixdorf.com/<https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.dieboldnixdorf.com%2F&data=05%7C01%7Cdaniel.langevin%40shq.gouv.qc.ca%7Cda0b10cf80574c2f979608da97013e21%7C8377d97d01504e07b82ad67c55dc2c05%7C0%7C0%7C637988329325507055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=t3dAnByShYwf96K4wjfubzPvnpDTSs6s0DTCrrfCKf0%3D&reserved=0>>


--
Claus Ibsen
-----------------
http://davsclaus.com<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__davsclaus.com%26d%3DDwMFaQ%26c%3D7my1DiYA8Epq5UwiA7n6nQ%26r%3DIGvDFcZsyZEjrQY_gKzo_Z41guGjq6GnfqF0WHm00ME%26m%3Dl5gRM9KWO8CjGhISW3yjhu1sHGcIr9pR3R7zy-pesVz75UEgt18wD9nLIfNrLCK4%26s%3DORRO9Q7fynph33x7jURN0_cA2m-PT4P_JrDCIsa5ZSM%26e%3D&data=05%7C01%7Cdaniel.langevin%40shq.gouv.qc.ca%7Cda0b10cf80574c2f979608da97013e21%7C8377d97d01504e07b82ad67c55dc2c05%7C0%7C0%7C637988329325663279%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=wzK2M%2FeHygf3YRr%2F7soS1ohVzjSvp5XQW4A872EjojA%3D&reserved=0> @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2<https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__www.manning.com_ibsen2%26d%3DDwMFaQ%26c%3D7my1DiYA8Epq5UwiA7n6nQ%26r%3DIGvDFcZsyZEjrQY_gKzo_Z41guGjq6GnfqF0WHm00ME%26m%3Dl5gRM9KWO8CjGhISW3yjhu1sHGcIr9pR3R7zy-pesVz75UEgt18wD9nLIfNrLCK4%26s%3D5wjXEHqmXLpCwBwg4PkvXNrCqgGpljMLCZNSjdWs_Ok%26e%3D&data=05%7C01%7Cdaniel.langevin%40shq.gouv.qc.ca%7Cda0b10cf80574c2f979608da97013e21%7C8377d97d01504e07b82ad67c55dc2c05%7C0%7C0%7C637988329325663279%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=WBMFOQH8Fa15l2DNYmBJh39TfOlDikdHxw4o%2FRykFHw%3D&reserved=0>

RE: netty http component - SNI missing in SSL handshake

["Bheda, Nitesh" <Ni...@dieboldnixdorf.com>]

Hello,

Thank you for your response.

Could you provide any specific DL/mail group which would be able to provide support to us?
We check the link below and can find the same DL group to whom we sent the email earlier.

Thanks & Regards,
Nitesh Bheda
Advanced Software Engineer | PS CoE
Diebold Nixdorf
Office: +91 22 66497669
Cell: +91 9833207610
www.DieboldNixdorf.com<http://www.dieboldnixdorf.com/>

Holiday Alert:
Vacation Alert:

[cid:image001.png@01D8C917.1B089E10]<https://www.linkedin.com/company/diebold/>   [cid:image002.png@01D8C917.1B089E10] <https://twitter.com/dieboldnixdorf>    [cid:image003.jpg@01D8C917.1B089E10] <https://www.youtube.com/DieboldNixdorf>    [cid:image004.png@01D8C917.1B089E10] <https://www.facebook.com/DieboldNixdorf/>


From: Claus Ibsen <cl...@gmail.com>
Sent: 08 September 2022 17:49
To: users@camel.apache.org
Cc: Bheda, Nitesh <Ni...@dieboldnixdorf.com>
Subject: Re: netty http component - SNI missing in SSL handshake

Hi This is community support and volunteer based. You are using an old EOL Camel version, so chances for help are lower. There is commercial support for people that need this kind of support level https: //camel. apache. org/manual/commercial-camel-offerings. html

Hi

This is community support and volunteer based.
You are using an old EOL Camel version, so chances for help are lower.

There is commercial support for people that need this kind of support level
https://camel.apache.org/manual/commercial-camel-offerings.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__camel.apache.org_manual_commercial-2Dcamel-2Dofferings.html&d=DwMFaQ&c=7my1DiYA8Epq5UwiA7n6nQ&r=IGvDFcZsyZEjrQY_gKzo_Z41guGjq6GnfqF0WHm00ME&m=l5gRM9KWO8CjGhISW3yjhu1sHGcIr9pR3R7zy-pesVz75UEgt18wD9nLIfNrLCK4&s=2T3Qe94_LMdK30v86gdZgx1pzdOwy15rW8xblo5dU00&e=>


On Thu, Sep 8, 2022 at 2:15 PM Somvanshi, Ashitosh <As...@dieboldnixdorf.com>> wrote:
Hello Team,

Can we expect any support here or at least an acknowledgement?


Thanks and Regards,
Ashitosh Somvanshi | PS CoE
Diebold Nixdorf
www.DieboldNixdorf.com<http://www.DieboldNixdorf.com><http://www.dieboldnixdorf.com/>

From: Somvanshi, Ashitosh
Sent: Monday, September 5, 2022 8:52 PM
To: users@camel.apache.org<ma...@camel.apache.org>
Cc: Bheda, Nitesh <Ni...@dieboldnixdorf.com>>
Subject: netty http component - SNI missing in SSL handshake

Hello Support team,

We are using camel netty http component in order to connect to REST API.
Artifact : camel-netty-http version : 2.18.3
App server:  Web sphere

We are not able to send SNI/server name to server in client hello, which is required in our case so that server can send back appropriate certificates.
We have tried to set SNI like below but it's not working:
SSLContextClientParameters sslClient = new SSLContextClientParameters();
sslClient.setSniHostName(sniName);

SSLContextParameters scp = new SSLContextParameters();
scp.setClientParameters(sslClient);

NettyComponent nettyComponent = camelContext().getComponent("netty-http",NettyComponent.class);
nettyComponent.getConfiguration().setSslContextParameters(scp);

We can see below warnings in systemOut.log file related to server name:
[9/1/22 10:19:12:811 AST] 0000010d SystemOut     O javax.net.ssl|WARNING|01 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01 10:19:12.810 AST|Thread.java:1564|Unable to indicate server name
[9/1/22 10:19:12:813 AST] 0000010d SystemOut     O javax.net.ssl|FINE|01 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01 10:19:12.812 AST|Thread.java:1564|Ignore, context unavailable extension: server_name

Could you please support on this issue?

Thanks and Regards,
Ashitosh Somvanshi | PS CoE
Diebold Nixdorf
www.DieboldNixdorf.com<http://www.DieboldNixdorf.com><http://www.dieboldnixdorf.com/>


--
Claus Ibsen
-----------------
http://davsclaus.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__davsclaus.com&d=DwMFaQ&c=7my1DiYA8Epq5UwiA7n6nQ&r=IGvDFcZsyZEjrQY_gKzo_Z41guGjq6GnfqF0WHm00ME&m=l5gRM9KWO8CjGhISW3yjhu1sHGcIr9pR3R7zy-pesVz75UEgt18wD9nLIfNrLCK4&s=ORRO9Q7fynph33x7jURN0_cA2m-PT4P_JrDCIsa5ZSM&e=> @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.manning.com_ibsen2&d=DwMFaQ&c=7my1DiYA8Epq5UwiA7n6nQ&r=IGvDFcZsyZEjrQY_gKzo_Z41guGjq6GnfqF0WHm00ME&m=l5gRM9KWO8CjGhISW3yjhu1sHGcIr9pR3R7zy-pesVz75UEgt18wD9nLIfNrLCK4&s=5wjXEHqmXLpCwBwg4PkvXNrCqgGpljMLCZNSjdWs_Ok&e=>

Re: netty http component - SNI missing in SSL handshake

[Claus Ibsen <cl...@gmail.com>]

Hi

This is community support and volunteer based.
You are using an old EOL Camel version, so chances for help are lower.

There is commercial support for people that need this kind of support level
https://camel.apache.org/manual/commercial-camel-offerings.html


On Thu, Sep 8, 2022 at 2:15 PM Somvanshi, Ashitosh <
Ashitosh.Somvanshi@dieboldnixdorf.com> wrote:

> Hello Team,
>
> Can we expect any support here or at least an acknowledgement?
>
>
> Thanks and Regards,
> Ashitosh Somvanshi | PS CoE
> Diebold Nixdorf
> www.DieboldNixdorf.com<http://www.dieboldnixdorf.com/>
>
> From: Somvanshi, Ashitosh
> Sent: Monday, September 5, 2022 8:52 PM
> To: users@camel.apache.org
> Cc: Bheda, Nitesh <Ni...@dieboldnixdorf.com>
> Subject: netty http component - SNI missing in SSL handshake
>
> Hello Support team,
>
> We are using camel netty http component in order to connect to REST API.
> Artifact : camel-netty-http version : 2.18.3
> App server:  Web sphere
>
> We are not able to send SNI/server name to server in client hello, which
> is required in our case so that server can send back appropriate
> certificates.
> We have tried to set SNI like below but it's not working:
> SSLContextClientParameters sslClient = new SSLContextClientParameters();
> sslClient.setSniHostName(sniName);
>
> SSLContextParameters scp = new SSLContextParameters();
> scp.setClientParameters(sslClient);
>
> NettyComponent nettyComponent =
> camelContext().getComponent("netty-http",NettyComponent.class);
> nettyComponent.getConfiguration().setSslContextParameters(scp);
>
> We can see below warnings in systemOut.log file related to server name:
> [9/1/22 10:19:12:811 AST] 0000010d SystemOut     O
> javax.net.ssl|WARNING|01
> 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01
> 10:19:12.810 AST|Thread.java:1564|Unable to indicate server name
> [9/1/22 10:19:12:813 AST] 0000010d SystemOut     O javax.net.ssl|FINE|01
> 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01
> 10:19:12.812 AST|Thread.java:1564|Ignore, context unavailable extension:
> server_name
>
> Could you please support on this issue?
>
> Thanks and Regards,
> Ashitosh Somvanshi | PS CoE
> Diebold Nixdorf
> www.DieboldNixdorf.com<http://www.dieboldnixdorf.com/>
>
>

-- 
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2

RE: netty http component - SNI missing in SSL handshake

["Somvanshi, Ashitosh" <As...@dieboldnixdorf.com>]

Hello Team,

Can we expect any support here or at least an acknowledgement?


Thanks and Regards,
Ashitosh Somvanshi | PS CoE
Diebold Nixdorf
www.DieboldNixdorf.com<http://www.dieboldnixdorf.com/>

From: Somvanshi, Ashitosh
Sent: Monday, September 5, 2022 8:52 PM
To: users@camel.apache.org
Cc: Bheda, Nitesh <Ni...@dieboldnixdorf.com>
Subject: netty http component - SNI missing in SSL handshake

Hello Support team,

We are using camel netty http component in order to connect to REST API.
Artifact : camel-netty-http version : 2.18.3
App server:  Web sphere

We are not able to send SNI/server name to server in client hello, which is required in our case so that server can send back appropriate certificates.
We have tried to set SNI like below but it's not working:
SSLContextClientParameters sslClient = new SSLContextClientParameters();
sslClient.setSniHostName(sniName);

SSLContextParameters scp = new SSLContextParameters();
scp.setClientParameters(sslClient);

NettyComponent nettyComponent = camelContext().getComponent("netty-http",NettyComponent.class);
nettyComponent.getConfiguration().setSslContextParameters(scp);

We can see below warnings in systemOut.log file related to server name:
[9/1/22 10:19:12:811 AST] 0000010d SystemOut     O javax.net.ssl|WARNING|01 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01 10:19:12.810 AST|Thread.java:1564|Unable to indicate server name
[9/1/22 10:19:12:813 AST] 0000010d SystemOut     O javax.net.ssl|FINE|01 0D|ActorSystem-JsonHostSP-akka.actor.default-dispatcher-2|2022-09-01 10:19:12.812 AST|Thread.java:1564|Ignore, context unavailable extension: server_name

Could you please support on this issue?

Thanks and Regards,
Ashitosh Somvanshi | PS CoE
Diebold Nixdorf
www.DieboldNixdorf.com<http://www.dieboldnixdorf.com/>