Andrea Cosentino created CAMEL-23263:
----------------------------------------
Summary: Camel-Netty: Make SSL fallback path PQC-capable with
TLSv1.3 and named groups auto-configuration
Key: CAMEL-23263
URL: https://issues.apache.org/jira/browse/CAMEL-23263
Project: Camel
Issue Type: Improvement
Reporter: Andrea Cosentino
Assignee: Andrea Cosentino
Fix For: 4.19.0
When users configure camel-netty with SSL using
keyStoreResource/trustStoreResource directly (without SSLContextParameters),
the SSLEngineFactory fallback path
hardcodes SSL_PROTOCOL = "TLS" and bypasses PQC named groups configuration
entirely. This prevents post-quantum key exchange (e.g., X25519MLKEM768) even
on JDK 25+
where it is available, while the SSLContextParameters path already supports PQC
auto-configuration since Camel 4.19.
This change upgrades the fallback path to use TLSv1.3, adds PQC named groups
auto-configuration matching the SSLContextParameters behavior, and logs a
recommendation
to migrate to SSLContextParameters for full PQC control.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
