We are using the latest community version of mendelson: Version 01/2021 mendelson opensource AS2 1.1 b59.
We have a partner that uses Basic Authentication apart from encryption and SSL verification, after debugging the connection using a reverse proxy we found out that the latest version of mendelson introduced a bug and isn´t adding the Basic Authentication header.
Apart from that, the hint is also confusing, if we disable the authentication configuration Mendelson displays the correct error message (error 401) but if we enable the authentication configuration the error is: "[ClientProtocolException]...Hint:This is a mainly a negotiation problem on the protocol level. Your partner rejected your connection.
Either your partner expected a secure connection (HTTPS) and you tried a raw connection (HTTP) or vice versa.
It is also possible that your partner expects an other SSL/TLS protocol version or cipher than you offer." even when the username and password are empty.
By using a reverse proxy we could detect that the problem was in the missing basic authentication header and were receiving an error 401.