You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Badai Aqrandista (Jira)" <ji...@apache.org> on 2020/03/09 02:44:00 UTC

[jira] [Created] (KAFKA-9684) Add support for SNI names in SSL request

Badai Aqrandista created KAFKA-9684:
---------------------------------------

             Summary: Add support for SNI names in SSL request
                 Key: KAFKA-9684
                 URL: https://issues.apache.org/jira/browse/KAFKA-9684
             Project: Kafka
          Issue Type: Improvement
            Reporter: Badai Aqrandista


When running Kafka cluster with SSL security behind HA Proxy, we need the client to send SSL packets with SNI name extension [1]. This will allow HA Proxy to forward the request to the relevant broker behind it (passthrough).

Java 7 and higher supports this by adding SNIHostName [2] to SSLParameters [3]. 


[1] https://www.ietf.org/rfc/rfc6066.txt
[2] https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SNIHostName.html
[3] https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html#setServerNames-java.util.List-



--
This message was sent by Atlassian Jira
(v8.3.4#803005)