[
https://issues.apache.org/jira/browse/CAMEL-23263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Claus Ibsen resolved CAMEL-23263.
---------------------------------
Resolution: Fixed
> Camel-Netty: Make SSL fallback path PQC-capable with TLSv1.3 and named groups
> auto-configuration
> ------------------------------------------------------------------------------------------------
>
> Key: CAMEL-23263
> URL: https://issues.apache.org/jira/browse/CAMEL-23263
> Project: Camel
> Issue Type: Improvement
> Components: camel-netty
> Reporter: Andrea Cosentino
> Assignee: Andrea Cosentino
> Priority: Major
> Fix For: 4.19.0
>
>
> When users configure camel-netty with SSL using
> keyStoreResource/trustStoreResource directly (without SSLContextParameters),
> the SSLEngineFactory fallback path
> hardcodes SSL_PROTOCOL = "TLS" and bypasses PQC named groups configuration
> entirely. This prevents post-quantum key exchange (e.g., X25519MLKEM768) even
> on JDK 25+
> where it is available, while the SSLContextParameters path already supports
> PQC auto-configuration since Camel 4.19.
> This change upgrades the fallback path to use TLSv1.3, adds PQC named groups
> auto-configuration matching the SSLContextParameters behavior, and logs a
> recommendation
> to migrate to SSLContextParameters for full PQC control.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
