Richard

Reputation: 8935

Apache Karaf starts with errors - protocol_version

I am using Java 1.7 and Apache Karaf 4.0.1. When I start Karaf, I get the following:

| 26 - org.apache.karaf.deployer.features - 4.0.1 | Unable to install features java.io.IOException: Error resolving artifact org.apache.cxf.dosgi:cxf-dosgi:xml:features:1.7.0: Could not transfer artifact org.apache.cxf.dosgi:cxf-dosgi:xml:features:1.7.0 from/to central (https://repo.maven.apache.org/maven2/): Received fatal alert: protocol_version : mvn:org.apache.cxf.dosgi/cxf-dosgi/1.7.0/xml/features

Any ideas how I can fix this?

When I do the maven build, I try setting the TLS version:

export JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF8 -Dhttps.protocols=TLSv1.2 -Xmx2048m -XX:MaxPermSize=1024m -Xms1024m"
export MAVEN_OPTS="-Dhttps.protocols=TLSv1.2"
mvn clean install -DskipTests -Dfile.encoding=UTF8 -Dhttps.protocols=TLSv1.2;

Upvotes: 1

Views: 391

Answers (1)

Grzegorz Grzybek

Reputation: 6237

First - you should really stop using JDK1.7

But I understand that you may have reasons - I had them too.

So - features deployer of Karaf uses pax-url-aether, which uses aether-resolver, which uses Apache http client 4.

"-Dhttps.protocols=TLSv1.2" system property can be used only to configure connections obtained using java.net.URL#openConnection() and it won't help here.

I was, however, able to contact TLS 1.2 repositories in such a scenario by using the BouncyCastle security provider. You have to do a few things:

  1. put bcprov-jdk15on-1.60.jar and bctls-jdk15on-1.60.jar into either $JAVA_HOME/jre/lib/ext or any other directory like /path/to/ext and use this directory in -Djava.ext.dirs=/path/to/ext system property
  2. prepare java.policy file by copying original $JAVA_HOME/jre/lib/security/java.security and adding:
security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider

and (at the bottom of this file):

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, SSLv2Hello, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
jdk.tls.client.protocols=TLSv1.2

With bouncy castle you should also NOT use -Dhttps.protocols=TLSv1.2

It worked for me and all TLS communication was done using BC provider.

EDIT: you can't use newer versions of Bouncycastle because of https://github.com/bcgit/bc-java/issues/557

Upvotes: 1
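
One way to check that the provider setup described in the answer is what the JVM actually uses (an added example, not part of the original answer or of Karaf). The class name TlsDefaultsCheck is hypothetical, and the directly built "TLS" context is assumed to approximate what an HTTP client library obtains when it bypasses HttpsURLConnection. Compile it and run it with the same JVM options Karaf is started with.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;

// Added diagnostic, not code from the answer. Java 7 compatible.
public class TlsDefaultsCheck {

    // True if the context enables the given protocol without extra configuration.
    static boolean enabledByDefault(SSLContext ctx, String protocol) {
        return Arrays.asList(ctx.getDefaultSSLParameters().getProtocols()).contains(protocol);
    }

    public static void main(String[] args) throws Exception {
        // Provider order matters: getInstance("TLS") is served by the first provider offering it.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println("security.provider." + (i + 1) + " = " + providers[i].getName());
        }

        // A context built directly, the way a library does when it does not go
        // through HttpsURLConnection; https.protocols is not consulted here.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        String jsse = ctx.getProvider().getName();

        System.out.println("TLS context provider : " + jsse);
        System.out.println("enabled by default   : "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        System.out.println("supported            : "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        boolean tls12 = enabledByDefault(ctx, "TLSv1.2");
        // "BCJSSE" is the name BouncyCastleJsseProvider registers under.
        System.out.println("BouncyCastle JSSE in use: " + "BCJSSE".equals(jsse));
        System.out.println("TLSv1.2 enabled by default: " + tls12);
        if (!tls12) {
            System.exit(1); // non-zero exit so a startup script can fail fast
        }
    }
}
```

If TLSv1.2 is missing from the enabled-by-default list, connections made through such a context will be rejected by repositories that require TLS 1.2, which is the protocol_version alert shown in the question.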
