Hi Team, I want to contribute to Kafka to address below scenario.
Client applications use SSL/TLS to connect with Kafka brokers in order to implement secured communication. The clients initiate SSL communication with Kafka brokers using the SSL Engine constructed from the ssl.* properties pointing to key store and trust store. This PR addresses couple of important enhancements related to how the key store is loaded for secured communication with Kafka brokers. Problem : Most of the times, the key store on the client side contains single key. But when the key store contains multiple keys, in order to avoid SSL handshake issues or authorization issues communicating with Kafka brokers, it is required to choose the right key from the key store. Solution : The key can be identified via key alias while constructing the SSL engine. This requires client to provide a new property ssl.keystore.alias that points to the key alias within the key store. The key manager implementation is modified to return the named key to be used for building the SSL Engine. I have already raised a PR with the required changes: https://github.com/apache/kafka/pull/17560 Please find the details for Jira and Wiki Id Jira Details Email : rahul.nirg...@mastercard.com<mailto:rahul.nirg...@mastercard.com> ID: rahulnirgude [cid:image002.png@01DB40B8.ED7BDF40] Confluence Details Email : rahul.nirg...@mastercard.com<mailto:rahul.nirg...@mastercard.com> ID: rahulnirgude [cid:image003.png@01DB40B8.ED7BDF40] Rahul Nirgude Senior Software Engineer Mastercard Business Bay | Tower A tel - | mobile 8793830455 [cid:image001.png@01DB40B6.5A21C630]<www.mastercard.com> CONFIDENTIALITY NOTICE This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.
