kafka-dev mailing list archives

From "Manikumar (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (KAFKA-3647) Unable to set a ssl provider
Date Thu, 31 Aug 2017 20:11:00 GMT

     [ https://issues.apache.org/jira/browse/KAFKA-3647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Manikumar resolved KAFKA-3647.
------------------------------
    Resolution: Fixed

Closing as per above comments.

> Unable to set a ssl provider
> ----------------------------
>
>                 Key: KAFKA-3647
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3647
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.9.0.1
>         Environment: Centos, OracleJRE 8, Vagrant
>            Reporter: Elvar
>            Priority: Minor
>
> When defining an SSL provider, Kafka does not start because the provider was not found.
> {code}
> [2016-05-02 13:48:48,252] FATAL [Kafka Server 11], Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
> org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: java.security.NoSuchProviderException: no such provider: sun.security.ec.SunEC
>         at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:44)
> {code}
> To test
> {code}
> /bin/kafka-server-start /etc/kafka/server.properties --override ssl.provider=sun.security.ec.SunEC
> {code}
> This is stopping us from talking to Kafka with SSL from Go programs because no common cipher suites are available.
> Using sslscan this is available from Kafka
> {code}
>  Supported Server Cipher(s):
>    Accepted  TLSv1  256 bits  DHE-DSS-AES256-SHA
>    Accepted  TLSv1  128 bits  DHE-DSS-AES128-SHA
>    Accepted  TLSv1  128 bits  EDH-DSS-DES-CBC3-SHA
>    Accepted  TLS11  256 bits  DHE-DSS-AES256-SHA
>    Accepted  TLS11  128 bits  DHE-DSS-AES128-SHA
>    Accepted  TLS11  128 bits  EDH-DSS-DES-CBC3-SHA
>    Accepted  TLS12  256 bits  DHE-DSS-AES256-GCM-SHA384
>    Accepted  TLS12  256 bits  DHE-DSS-AES256-SHA256
>    Accepted  TLS12  256 bits  DHE-DSS-AES256-SHA
>    Accepted  TLS12  128 bits  DHE-DSS-AES128-GCM-SHA256
>    Accepted  TLS12  128 bits  DHE-DSS-AES128-SHA256
>    Accepted  TLS12  128 bits  DHE-DSS-AES128-SHA
>    Accepted  TLS12  128 bits  EDH-DSS-DES-CBC3-SHA
>  Preferred Server Cipher(s):
>    SSLv2  0 bits    (NONE)
>    TLSv1  256 bits  DHE-DSS-AES256-SHA
>    TLS11  256 bits  DHE-DSS-AES256-SHA
>    TLS12  256 bits  DHE-DSS-AES256-GCM-SHA384
> {code}
> From the Golang documentation these are available there
> {code}
>         TLS_RSA_WITH_RC4_128_SHA                uint16 = 0x0005
>         TLS_RSA_WITH_3DES_EDE_CBC_SHA           uint16 = 0x000a
>         TLS_RSA_WITH_AES_128_CBC_SHA            uint16 = 0x002f
>         TLS_RSA_WITH_AES_256_CBC_SHA            uint16 = 0x0035
>         TLS_RSA_WITH_AES_128_GCM_SHA256         uint16 = 0x009c
>         TLS_RSA_WITH_AES_256_GCM_SHA384         uint16 = 0x009d
>         TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        uint16 = 0xc007
>         TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    uint16 = 0xc009
>         TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    uint16 = 0xc00a
>         TLS_ECDHE_RSA_WITH_RC4_128_SHA          uint16 = 0xc011
>         TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     uint16 = 0xc012
>         TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      uint16 = 0xc013
>         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      uint16 = 0xc014
>         TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   uint16 = 0xc02f
>         TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b
>         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   uint16 = 0xc030
>         TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
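
To see why the handshake described in the report finds no common cipher suite, this added Go example (not code from the issue or from Kafka) maps the TLS12 rows of the quoted sslscan output to their IANA code points and checks them against the suites the local crypto/tls implements. The names `scan`, `ianaID` and `sharedWithGo` are illustrative, and `tls.CipherSuites` / `tls.InsecureCipherSuites` need Go 1.14 or later.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// TLS12 rows copied from the sslscan output quoted in the report.
const scan = `Accepted  TLS12  256 bits  DHE-DSS-AES256-GCM-SHA384
Accepted  TLS12  256 bits  DHE-DSS-AES256-SHA256
Accepted  TLS12  256 bits  DHE-DSS-AES256-SHA
Accepted  TLS12  128 bits  DHE-DSS-AES128-GCM-SHA256
Accepted  TLS12  128 bits  DHE-DSS-AES128-SHA256
Accepted  TLS12  128 bits  DHE-DSS-AES128-SHA
Accepted  TLS12  128 bits  EDH-DSS-DES-CBC3-SHA`
// OpenSSL suite name -> IANA code point (TLS_DHE_DSS_WITH_*) for the rows above.
var ianaID = map[string]uint16{
	"DHE-DSS-AES256-GCM-SHA384": 0x00a3, "DHE-DSS-AES128-GCM-SHA256": 0x00a2,
	"DHE-DSS-AES256-SHA256": 0x006a, "DHE-DSS-AES128-SHA256": 0x0040,
	"DHE-DSS-AES256-SHA": 0x0038, "DHE-DSS-AES128-SHA": 0x0032,
	"EDH-DSS-DES-CBC3-SHA": 0x0013,
}
// sharedWithGo counts the distinct suites a scan reports as accepted and
// returns those that this Go toolchain's crypto/tls also implements.
func sharedWithGo(scan string) (offered int, shared []string, err error) {
	goSuites := map[uint16]bool{}
	for _, cs := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		goSuites[cs.ID] = true
	}
	seen := map[string]bool{} // sslscan repeats a suite once per protocol version
	for _, line := range strings.Split(scan, "\n") {
		f := strings.Fields(line)
		if len(f) != 5 || f[0] != "Accepted" || seen[f[4]] {
			continue
		}
		seen[f[4]] = true
		id, ok := ianaID[f[4]]
		if !ok {
			return 0, nil, fmt.Errorf("no code point known for %q", f[4])
		}
		if goSuites[id] {
			shared = append(shared, f[4])
		}
	}
	return len(seen), shared, nil
}

func main() {
	fmt.Println(sharedWithGo(scan))
}
```

Every row the broker accepts is a DHE key exchange authenticated with a DSS (DSA) key, while every suite in the quoted Go list uses RSA or ECDSA authentication, so the shared list comes back empty.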
