kafka-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gwen Shapira (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (KAFKA-1684) Implement TLS/SSL authentication
Date Mon, 03 Aug 2015 21:14:06 GMT

     [ https://issues.apache.org/jira/browse/KAFKA-1684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Gwen Shapira updated KAFKA-1684:
    Affects Version/s:     (was: 0.9.0)

> Implement TLS/SSL authentication
> --------------------------------
>                 Key: KAFKA-1684
>                 URL: https://issues.apache.org/jira/browse/KAFKA-1684
>             Project: Kafka
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Jay Kreps
>            Assignee: Sriharsha Chintalapani
>             Fix For: 0.8.3
>         Attachments: KAFKA-1684.patch, KAFKA-1684.patch
> Add an SSL port to the configuration and advertise this as part of the metadata request.
> If the SSL port is configured the socket server will need to add a second Acceptor thread
to listen on it. Connections accepted on this port will need to go through the SSL handshake
prior to being registered with a Processor for request processing.
> SSL requests and responses may need to be wrapped or unwrapped using the SSLEngine that
was initialized by the acceptor. This wrapping and unwrapping is very similar to what will
need to be done for SASL-based authentication schemes. We should have a uniform interface
that covers both of these and we will need to store the instance in the session with the request.
The socket server will have to use this object when reading and writing requests. We will
need to take care with the FetchRequests as the current FileChannel.transferTo mechanism will
be incompatible with wrap/unwrap so we can only use this optimization for unencrypted sockets
that don't require userspace translation (wrapping).

This message was sent by Atlassian JIRA

View raw message