[PR] CAMEL-23445: camel-elasticsearch-rest-client - Add SSLContextParameters support for TLS configuration [camel]

Thu, 11 Jun 2026 09:36:01 -0700 


oscerd opened a new pull request, #23967:
URL: https://github.com/apache/camel/pull/23967

   # CAMEL-23445: camel-elasticsearch-rest-client - Add SSLContextParameters 
support for TLS configuration
   
   ## What
   
   Adds `SSLContextParameters` support to `camel-elasticsearch-rest-client` so 
users can configure fine-grained TLS settings — named groups, signature 
schemes, cipher suites and protocols — instead of relying solely on the CA-only 
`certificatePath` option. This enables, for example, post-quantum named groups 
such as `X25519MLKEM768` on JDK 25+.
   
   Previously `ElasticsearchRestClientProducer` created the `SSLContext` 
directly via `SSLContext.getInstance("TLSv1.3")` from a CA certificate, with no 
hook for `SSLContextParameters`.
   
   ## Changes
   
   - `ElasticsearchRestClientComponent` now implements 
`SSLContextParametersAware`, exposing `sslContextParameters` and 
`useGlobalSslContextParameters` (with global fallback wiring in 
`createEndpoint`).
   - `ElasticsearchRestClientEndpoint` gains an `sslContextParameters` URI 
parameter (`security` group).
   - `ElasticsearchRestClientProducer` builds the `SSLContext` from 
`SSLContextParameters` when configured; the existing `certificatePath` 
(self-signed CA) path is retained as a fallback.
   - The HTTP client config callback is now applied independently of basic-auth 
credentials, so TLS configuration is honored regardless of whether credentials 
are set (previously `certificatePath` was silently ignored when no 
`user`/`password` was configured).
   - Regenerated catalog + component/endpoint DSL metadata.
   
   ## Precedence
   
   Explicit `sslContextParameters` › global SSL context parameters (when 
`useGlobalSslContextParameters=true`) › `certificatePath` (CA-only).
   
   ## Tests
   
   New `ElasticsearchRestClientSslContextParametersTest` covers: component 
property round-trip, component→endpoint propagation, use of global parameters, 
and explicit-wins-over-global. Existing camel-elasticsearch-rest-client unit 
tests pass; full reactor build (`mvn clean install -DskipTests`) is green.
   
   ## Notes
   
   Completes the PQC-TLS sweep across the search components — mirrors 
CAMEL-23314 (camel-opensearch) and CAMEL-23444 (camel-elasticsearch). No new 
dependencies; no public API changes beyond the additive component/endpoint 
options.
   
   🤖 Generated with [Claude Code](https://claude.com/claude-code) on behalf of 
Andrea Cosentino
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to