Posted to dev@kafka.apache.org by "Manikumar (Jira)" <ji...@apache.org> on 2019/10/07 08:48:00 UTC

[jira] [Resolved] (KAFKA-8669) Add java security providers in Kafka Security config

     [ https://issues.apache.org/jira/browse/KAFKA-8669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Manikumar resolved KAFKA-8669.
------------------------------
    Fix Version/s: 2.4.0
         Assignee: Sai Sandeep
       Resolution: Fixed

Fixed in https://github.com/apache/kafka/pull/7090

> Add java security providers in Kafka Security config
> ----------------------------------------------------
>
>                 Key: KAFKA-8669
>                 URL: https://issues.apache.org/jira/browse/KAFKA-8669
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Sai Sandeep
>            Assignee: Sai Sandeep
>            Priority: Minor
>             Fix For: 2.4.0
>
>
> Currently Kafka supports ssl.keymanager.algorithm and ssl.trustmanager.algorithm parameters as part of secure config. These parameters can be configured to load the key manager and trust managers which provide keys and certificates for SSL handshakes with the clients/server. The algorithms configured by parameters need to be registered by Java security provider classes. These provider classes are configured as JVM properties through the java.security file. An example file is given below:
> {code:java}
> $ cat /usr/lib/jvm/jdk-8-oracle-x64/jre/lib/security/java.security
> ...
> security.provider.1=sun.security.provider.Sun
> security.provider.2=sun.security.rsa.SunRsaSign
> security.provider.3=sun.security.ec.SunEC
> …
> {code}
> Custom keymanager and trustmanager algorithms can be used to supply the Kafka brokers with keys and certificates; these algorithms can be used to replace the traditional, non-scalable static keystore and truststore JKS files.
> To take advantage of these custom algorithms, we want to support a Java security provider parameter in security config. This param can be used by Kafka brokers or Kafka clients (when connecting to the Kafka brokers). The security providers can also be used for configuring security in SASL-based communication.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
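
The mechanism the issue description relies on, as an added example that is not part of the original message or the Kafka code base: a JDK-only sketch of a provider class that registers a custom TrustManagerFactory algorithm, so that the name given in ssl.trustmanager.algorithm can be resolved without editing java.security. The class names and the algorithm name `ExampleDynamicTrust` are hypothetical, and the trust manager is a fail-closed stub rather than a real validator.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class CustomProviderDemo {
    // Hypothetical name; the value ssl.trustmanager.algorithm would be set to.
    static final String ALGORITHM = "ExampleDynamicTrust";

    /** SPI class the JDK instantiates when ALGORITHM is requested. */
    public static final class ExampleTrustManagerFactory extends TrustManagerFactorySpi {
        @Override protected void engineInit(KeyStore ks) { /* no static truststore file */ }
        @Override protected void engineInit(ManagerFactoryParameters spec) { }
        @Override protected TrustManager[] engineGetTrustManagers() {
            return new TrustManager[] { new X509TrustManager() {
                // Stub: a real implementation validates the chain against trust
                // anchors obtained from its own source. This one rejects everything.
                @Override public void checkClientTrusted(X509Certificate[] c, String t)
                        throws CertificateException { reject(); }
                @Override public void checkServerTrusted(X509Certificate[] c, String t)
                        throws CertificateException { reject(); }
                @Override public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
                private void reject() throws CertificateException {
                    throw new CertificateException("no trust anchors loaded");
                }
            }};
        }
    }

    /** Provider that maps "TrustManagerFactory.<algorithm>" to the SPI class. */
    public static final class ExampleProvider extends Provider {
        public ExampleProvider() {
            // Constructor available on Java 8; deprecated (still present) on 9+.
            super("ExampleProvider", 1.0, "Registers " + ALGORITHM);
            put("TrustManagerFactory." + ALGORITHM,
                ExampleTrustManagerFactory.class.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        // Runtime equivalent of a security.provider.N line in java.security.
        Security.addProvider(new ExampleProvider());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(ALGORITHM);
        tmf.init((KeyStore) null);
        System.out.println(tmf.getAlgorithm() + " served by " + tmf.getProvider().getName());
    }
}
```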