JSSE Utility
The JSSE Utility allows you to easily configure aspects of the Java Secure Socket Extension (JSSE) API in order to greatly simplify the use of custom transport layer security (TLS) settings on Camel components.
Supported Components
The following Camel components directly support the use of this configuration utility:
The following Camel components indirectly support the use of this configuration utility:
Configuration
The key component in configuring TLS through the JSSE API is the SSLContext. The SSLContext provides socket factories for both client-side and server-side sockets, as well as another component called an SSLEngine that is used by non-blocking IO to support TLS. The JSSE configuration utility provides an easy-to-use builder for configuring these JSSE components, among others. It lets you provide all configuration options up front during the initialization of your application, so you don't have to customize library code or dig through the inner workings of a third-party library to inject hooks for the configuration of each component in the JSSE API. The central builder in the JSSE configuration utility is the SSLContextParameters. This class serves as the entry point for most configuration in the JSSE utility.
SSLContextParameters
Note: All classes are in the org.apache.camel.util.jsse package and all Spring Namespace elements are in the ????? namespace.
| Java Field Name and Class | Spring Namespace Attribute/Element and Type | Description |
|---|---|---|
| cipherSuites - CipherSuitesParameters | sslContextParameters/ciphersuites - CipherSuitesParameters | This optional property represents a collection of explicitly named cipher suites to enable on both the client and server side as well as in the SSLEngine. These values take precedence over filters supplied in cipherSuitesFilter. The utility attempts to enable the listed cipher suites regardless of whether the JSSE provider actually supports them. This behavior guarantees that listed cipher suites are always enabled when listed. For a more lenient option, use cipherSuitesFilter. |
| cipherSuitesFilter - FilterParameters | sslContextParameters/cipherSuitesFilter - FilterParameters | This optional property represents a collection of include and exclude patterns for cipher suites to enable on both the client and server side as well as in the SSLEngine. The patterns are applied over only the available cipher suites. The exclude patterns have precedence over the include patterns. If no ciphersuites and no cipherSuitesFilter are present, the default patterns applied are: |
| secureSocketProtocols - SecureSocketProtocolsParameters | sslContextParameters/secureSocketProtocols - SecureSocketProtocolsParameters | This optional property represents a collection of explicitly named secure socket protocols, such as SSLv3/TLS/etc., to enable on both the client and server side as well as in the SSLEngine. These values take precedence over filters supplied in secureSocketProtocolsFilter. The utility attempts to enable the listed protocols regardless of whether the JSSE provider actually supports them. This behavior guarantees that listed protocols are always enabled when listed. For a more lenient option, use secureSocketProtocolsFilter. |
| secureSocketProtocolsFilter - FilterParameters | sslContextParameters/secureSocketProtocolsFilter - FilterParameters | |
Integer sessionTimeout;
KeyManagersParameters keyManagers;
TrustManagersParameters trustManagers;
SecureRandomParameters secureRandom;
SSLContextClientParameters clientParameters;
SSLContextServerParameters serverParameters;
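
The following is an added example, not taken from the Camel documentation, that contrasts the lenient filter properties with the explicit-list properties described in the table and then inspects the resulting SSLEngine to confirm what was enabled. It assumes a Camel 2.x classpath where these classes live in org.apache.camel.util.jsse and createSSLContext() takes no arguments; the class name JsseFilterExample and the chosen patterns (written as Java regular expressions) are illustrative.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;

import org.apache.camel.util.jsse.FilterParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.SecureSocketProtocolsParameters;

public class JsseFilterExample {

    // Lenient form: patterns are applied only over what the provider offers.
    static SSLContextParameters withFilters() {
        FilterParameters protocols = new FilterParameters();
        protocols.getInclude().add("TLSv1\\.[23]");

        FilterParameters ciphers = new FilterParameters();
        ciphers.getInclude().add(".*");
        // Exclude patterns take precedence over include patterns.
        ciphers.getExclude().add(".*_NULL_.*");
        ciphers.getExclude().add(".*_anon_.*");
        ciphers.getExclude().add(".*_EXPORT_.*");
        ciphers.getExclude().add(".*_RC4_.*");

        SSLContextParameters scp = new SSLContextParameters();
        scp.setSecureSocketProtocolsFilter(protocols);
        scp.setCipherSuitesFilter(ciphers);
        return scp;
    }

    // Strict form: the named protocol is requested whether or not the
    // provider supports it, and it overrides secureSocketProtocolsFilter.
    static SSLContextParameters withExplicitProtocol() {
        SecureSocketProtocolsParameters named = new SecureSocketProtocolsParameters();
        named.getSecureSocketProtocol().add("TLSv1.2");

        SSLContextParameters scp = withFilters();
        scp.setSecureSocketProtocols(named);
        return scp;
    }

    public static void main(String[] args) throws Exception {
        for (SSLContextParameters scp : Arrays.asList(withFilters(), withExplicitProtocol())) {
            SSLContext ctx = scp.createSSLContext();
            SSLEngine engine = ctx.createSSLEngine();
            // Check what was actually enabled rather than trusting the config.
            System.out.println(Arrays.toString(engine.getEnabledProtocols()));
            System.out.println(engine.getEnabledCipherSuites().length + " cipher suites enabled");
        }
    }
}
```

Running the same inspection against the target JVM after a JDK upgrade shows whether a filter silently matched nothing or an explicitly named protocol is no longer offered by the provider.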