-
Bug
-
Resolution: Unresolved
-
Critical
-
fuse-7.11-GA
-
None
-
False
-
None
-
False
-
%
-
-
Todo
-
-
-
Important
-
Very Likely
A CXF endpoint has been configured using http undertow transport:
<httpu:engine-factory bus="cxf"> <httpu:engine port="9500" host="0.0.0.0"> <httpu:tlsServerParameters secureSocketProtocol="TLSv1.3"> <sec:keyManagers keyPassword="${ssl_keymanager_password}"> <sec:keyStore url="${ssl_keystore}" password="${ssl_keystore_password}" type="JKS" /> </sec:keyManagers> <sec:trustManagers> <sec:keyStore url="${ssl_keystore}" password="${ssl_keystore_password}" type="JKS" /> </sec:trustManagers> <sec:clientAuthentication want="true" required="false" /> <sec:includeProtocols> <sec:includeProtocol>TLSv1.3</sec:includeProtocol> </sec:includeProtocols> <sec:excludeProtocols> <sec:excludeProtocol>SSLv2Hello</sec:excludeProtocol> <sec:excludeProtocol>SSLv3</sec:excludeProtocol> <sec:excludeProtocol>TLSv1</sec:excludeProtocol> <sec:excludeProtocol>TLSv1.1</sec:excludeProtocol> </sec:excludeProtocols> </httpu:tlsServerParameters> </httpu:engine> </httpu:engine-factory>
But the client supports TLS 1.3 can't connect to it due to the error:
javax.net.ssl.SSLHandshakeException: The client supported protocol versions [TLSv1.3] are not accepted by server preferences [TLS12]
