You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Rajini Sivaram (JIRA)" <ji...@apache.org> on 2016/11/17 20:56:59 UTC

[jira] [Commented] (KAFKA-4413) Kakfa should support default SSLContext

    [ https://issues.apache.org/jira/browse/KAFKA-4413?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15674795#comment-15674795 ] 

Rajini Sivaram commented on KAFKA-4413:
---------------------------------------

Truststore is an optional config. If you don't specify a value, the default truststore (cacerts) is used. Did you run into any issues when truststore was not configured for producer or consumer?

> Kakfa should support default SSLContext
> ---------------------------------------
>
>                 Key: KAFKA-4413
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4413
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.10.0.1
>         Environment: All
>            Reporter: Wenjie Zhang
>              Labels: SSLContext, SslFactory, https, ssl
>
> Currently, to enable SSL in either consumer or producer, we have to provide trustStore file and password. Ideally, if the Kafka server configured with CA signed certificate, since JRE includes certain CA ROOT certs inside "cacerts", Kafka should support SSL without any trustStore file, basically, we should update `org.apache.kafka.common.security.ssl.SslFactory.createSSLContext` to use `SSLContext.getDefault()` when trustStore file is not needed, not sure if there is any other places needs to be updated for this enhancement 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)