Today I migrated a system from Karaf 4.3.7 to 4.4.1 and PAX-WEB 8.0.6.
I have defined in etc/org.ops4j.pax.web.cfg the following property:
org.ops4j.pax.web.ssl.protocols.included=TLSv1.2
However it seems that this property is no longer considered in PAX-WEB 8.
At startup with java 8 I get the following error
2022.08.03 05:34:11,248 [paxweb-config-3-thread-1 (change controller)] [ERROR] [Activator] Unable to start Pax Web server: TLSv1.3 SSLContext not available [] [ java.security.NoSuchAlgorithmException: TLSv1.3 SSLContext not available at sun.security.jca.GetInstance.getInstance(GetInstance.java:159) at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156) at org.eclipse.jetty.util.ssl.SslContextFactory.getSSLContextInstance(SslContextFactory.java:1864) at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:316) at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323) at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) at org.eclipse.jetty.server.Server.doStart(Server.java:401) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73) at org.ops4j.pax.web.service.jetty.internal.JettyServerWrapper.start(JettyServerWrapper.java:623) at org.ops4j.pax.web.service.jetty.internal.JettyServerController.start(JettyServerController.java:109) at org.ops4j.pax.web.service.internal.Activator.performConfiguration(Activator.java:551) at org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:441) at org.ops4j.pax.web.service.internal.Activator.lambda$updateServerControllerFactory$1(Activator.java:347) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) ]
With the following properties in etc/org.ops4j.pax.web.cfg it starts:
org.ops4j.pax.web.ssl.protocol=TLSv1.2
is documented that org.ops4j.pax.web.ssl.protocol defaults to TLSv1.2. But I think this is not correct.
Regards
Richard