Simplified TLS Configuration in Apache Camel

As you can probably tell from some of my previous blog posts on the subject of security, I’ve spent some time mired deep in the muck that is TLS configuration in the JVM.  Over time, I have found that many libraries and frameworks provide poor support for customizing the finer points of TLS.  The greatest offenders simply support global configuration through the JSSE system properties.  Others allow you to specify a pre-configured SSLContext or SSLEngine but don’t allow you to easily configure the sockets that actually get used by the library or framework.  Still others provide a slew of configuration options, unique to the framework, that are used to instantiate an SSLContext for you.  While these solutions to configuring TLS are workable, they impose limitations on your application and require developers to learn different configuration mechanisms for every framework that they need to configure with TLS.

One of Camel’s greatest strengths is to abstract the complexity of framework boilerplate code away from one’s application.  Unfortunately, when it comes to TLS configuration, Camel just wasn’t doing enough to prevent developers needing to configure TLS for a component from having to implement framework-specific interfaces, learn framework-specific configuration options, and generally curse TLS and JSSE.  This observation, coupled with a healthy dose of frustration, served as the impetus for creating the JSSE Configuration Utility in Apache Camel.

The key goals of the configuration utility are:

  1. Provide a uniform framework for complete customization of JSSE/TLS configuration options from key stores, to algorithms, to protocols, to sockets.
  2. Provide an easy way to configure these options through code, Spring, and Blueprint.
  3. Provide extensibility to allow for the addition of future configuration options.
  4. Provide support for the configuration utility across a number of key networking related Camel components.
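As an illustration of the first two goals, the following added example (not code from the original post or from the Camel project) builds one TLS policy in code and shows that engines created from the resulting context inherit it. It assumes the Camel 2.x package `org.apache.camel.util.jsse` and its no-argument `createSSLContext()`; the class name, method name, and filter patterns are hypothetical choices made for this sketch.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.apache.camel.util.jsse.FilterParameters;
import org.apache.camel.util.jsse.SSLContextParameters;

public class CamelTlsPolicyExample {

    // Builds one reusable TLS policy object. The regex patterns are
    // assumptions chosen for this example, not Camel defaults.
    static SSLContextParameters buildPolicy() {
        // Keep only TLS 1.2 and later from what the JVM offers.
        FilterParameters protocols = new FilterParameters();
        protocols.getInclude().add("TLSv1\\.[2-9]");

        // Start from every available suite, then drop weak families.
        FilterParameters ciphers = new FilterParameters();
        ciphers.getInclude().add(".*");
        ciphers.getExclude().add(".*_NULL_.*");
        ciphers.getExclude().add(".*_anon_.*");
        ciphers.getExclude().add(".*_EXPORT_.*");
        ciphers.getExclude().add(".*_RC4_.*");
        ciphers.getExclude().add(".*_MD5$");

        SSLContextParameters scp = new SSLContextParameters();
        scp.setSecureSocketProtocol("TLS");
        scp.setSecureSocketProtocolsFilter(protocols);
        scp.setCipherSuitesFilter(ciphers);
        return scp;
    }

    public static void main(String[] args) throws Exception {
        // No key or trust stores are set, so the JVM defaults are used.
        SSLContext ctx = buildPolicy().createSSLContext();

        // The returned context applies the filters to every engine and
        // socket it creates, so the policy reaches the wire without any
        // per-socket code in the application.
        SSLEngine engine = ctx.createSSLEngine();
        System.out.println("Enabled protocols: "
                + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("Enabled cipher suites: "
                + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```

Printing the enabled protocols and suites of a freshly created engine is a quick way to confirm that a filter pattern matched what was intended on the JVM actually in use.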

The JSSE Configuration Utility is available in Camel 2.8 and above.  You can read about the capabilities of the JSSE Configuration Utility and see a list of components with support for the utility on the Apache Camel Wiki.  Support for the new Camel Asynchronous HTTP Client component is planned for Camel 2.9.  If you are looking for an enterprise-ready, validated, and supported distribution of Apache Camel, try Fuse Mediation Router, which is based on Apache Camel.
