[
https://issues.apache.org/jira/browse/CAMEL-19753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17760822#comment-17760822
]
Nicolas Filotto commented on CAMEL-19753:
-----------------------------------------
Hi [~xldai], thank you very much for the ticket and the reproducer. By default
in CXF, if no socket factory has been configured, a new socket factory is
created for each request, preventing the keep alive cache of the HTTP client of
the JDK from reusing existing connections.
To fix the problem, you need to configure {{SSLContextParameters}} in your
route, something like:
{code:java}
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource("file://Users/nicolasfilotto/test/CAMEL-19753/test-cxfrs-https/truststore.jks");
ksp.setPassword("cspass");
ksp.setType("JKS");
KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyPassword("cspass");
kmp.setKeyStore(ksp);
TrustManagersParameters tmp = new TrustManagersParameters();
tmp.setKeyStore(ksp);
SSLContextParameters sslContextParameters = new SSLContextParameters();
sslContextParameters.setKeyManagers(kmp);
sslContextParameters.setTrustManagers(tmp);
registry.put("sslContextParameters", sslContextParameters);
...
.inOut("cxfrs://" + "https://localhost:9001/services/B"; +
"?providers=#providers"
+
"&sslContextParameters=#sslContextParameters&loggingFeatureEnabled=false")
...
{code}
By configuring SSL context parameters, you ensure that CXF will use the same
socket factory so the keep alive cache can retrieve existing connections.
> Too many TLS connections opened when cxfrs calling a service via HTTPS
> ----------------------------------------------------------------------
>
> Key: CAMEL-19753
> URL: https://issues.apache.org/jira/browse/CAMEL-19753
> Project: Camel
> Issue Type: Task
> Components: camel-cxf
> Affects Versions: 3.20.6
> Reporter: Xilai Dai
> Assignee: Nicolas Filotto
> Priority: Minor
> Attachments: TLS_connections.png, test-cxfrs-https.zip,
> test-server.zip
>
>
> Given a simple route:
> {code}
> from("timer:cTimer_1" + "?period=" + 1 + "&repeatCount=" + 200 +
> "&delay=" + 100)
> .setHeader(org.apache.camel.Exchange.HTTP_PATH,
> simple(""))
>
> .setHeader(org.apache.camel.Exchange.HTTP_METHOD, constant("GET"))
>
> .setHeader(org.apache.camel.Exchange.ACCEPT_CONTENT_TYPE,
> constant("application/json"))
> .inOut("cxfrs://" +
> "https://localhost:9001/services/B"; + "?providers=#providers"
> +
> "&loggingFeatureEnabled=false")
> .to("log:cxfrs_eval_demo_service.cLog_1" +
> "?level=WARN" + "&showAll=" + true + "&multiline=" + true);
> {code}
> there are many TLS connections opened when running this route.
> whereas, the camel-http as a provider works as expected (only few TLS
> connections opened as expected)
> {code}
> from("timer:cTimer_2" + "?period=" + 1 + "&repeatCount=" + 200 +
> "&delay=" + 100)
> .setHeader("CamelHttpMethod", constant("GET"))
> .to("https://localhost:9001/services/B";)
> .to("log:cxfrs_eval_demo_service.cLog_1" +
> "?level=WARN" + "&showAll=" + true + "&multiline=" + true);
> {code}
> Attached test-cxfrs-https.zip , test-server.zip for easily reproduce the
> issue.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
