Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2022/06/24 09:03:52 UTC

[GitHub] [kafka] gddsop opened a new pull request, #12340: KAFKA-14018:Support p12 with sha256

gddsop opened a new pull request, #12340:
URL: https://github.com/apache/kafka/pull/12340

   Hi, my first PR.
   Our partner changed the encryption algorithm of the p12 certificate from SHA1 to SHA256 for some reason. As a result, Kafka reported a connection error due to the wrong password. But we found the root cause is that the keytool of JDK8 does not support this encryption format.
   
   Solve it with BouncyCastle


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscribe@kafka.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [kafka] dongjinleekr commented on pull request #12340: KAFKA-14018:Support p12 with sha256

Posted by GitBox <gi...@apache.org>.
dongjinleekr commented on PR #12340:
URL: https://github.com/apache/kafka/pull/12340#issuecomment-1179669443

   @gddsop I reviewed this problem and found the following:
   
   At present, Apache Kafka runs on Java 8 or above. Until 8, Java uses 'JKS' as the default keystore type and after that, uses pkcs#12 (includes `.p12`). However, the supported algorithm lists of [Java 8 (JKS)](https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SUNProvider) and [Java 11 (pkcs#12)](https://docs.oracle.com/en/java/javase/11/tools/keytool.html#GUID-5990A2E4-78E3-47B7-AE75-6D1826259549__GUID-5709F884-DD73-4401-A2FC-C7610922DC53) do not include SHA1 or SHA256.
   
   So, I think this feature would be much better for a custom `org.apache.kafka.common.security.auth.SecurityProviderCreator`.
   
   @showuon What do you think? I think this issue would be rather a documentation problem.


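The custom `SecurityProviderCreator` suggested in the comment above, as an added example that is not code from the PR or from Kafka itself: it exposes BouncyCastle as a JCA provider and includes a stand-alone check that a given `.p12` file loads through it. Assumptions: the class name is hypothetical, `kafka-clients` and BouncyCastle `bcprov` are on the classpath, and the provider is placed first in the provider list so that `KeyStore.getInstance("PKCS12")` resolves to it.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;

import org.apache.kafka.common.security.auth.SecurityProviderCreator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Hypothetical class; it would be referenced from the Kafka client or broker config as
//   security.providers=BouncyCastleProviderCreator   (fully qualified if placed in a package)
//   ssl.keystore.type=PKCS12
public class BouncyCastleProviderCreator implements SecurityProviderCreator {
    private Provider provider;

    @Override
    public synchronized Provider getProvider() {
        // One instance per creator, so repeated calls do not register duplicates.
        if (provider == null) {
            provider = new BouncyCastleProvider();
        }
        return provider;
    }

    // Stand-alone check: java BouncyCastleProviderCreator <file.p12>
    // The password is read from the console so it does not end up in shell history.
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): BouncyCastleProviderCreator <file.p12>");
            System.exit(2);
        }
        // Assumption: put the provider at position 1 so it is preferred for PKCS12.
        Security.insertProviderAt(new BouncyCastleProviderCreator().getProvider(), 1);

        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, password); // throws IOException on a MAC or password failure
        } finally {
            Arrays.fill(password, '\0'); // do not leave the password in memory
        }
        System.out.println("provider=" + ks.getProvider().getName() + " entries=" + ks.size());
    }
}
```

Running the check on the same file with and without the `insertProviderAt` line shows whether a "wrong password" error comes from the JDK's own PKCS12 implementation or from the password itself.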