[
https://issues.apache.org/jira/browse/KAFKA-3647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15267749#comment-15267749
]
Ismael Juma commented on KAFKA-3647:
------------------------------------
Before you change the provider, have you tried installing the "Java
Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for
JDK/JRE 8" from
http://www.oracle.com/technetwork/java/javase/downloads/index.html? More
information can be found at
https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
.
> Unable to set a ssl provider
> ----------------------------
>
> Key: KAFKA-3647
> URL: https://issues.apache.org/jira/browse/KAFKA-3647
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 0.9.0.1
> Environment: Centos, OracleJRE 8, Vagrant
> Reporter: Elvar
>
> When defining a ssl provider Kafka does not start because the provider was
> not found.
> {code}
> [2016-05-02 13:48:48,252] FATAL [Kafka Server 11], Fatal error during
> KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
> org.apache.kafka.common.KafkaException:
> org.apache.kafka.common.KafkaException:
> java.security.NoSuchProviderException: no such provider: sun.security.ec.SunEC
> at
> org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:44)
> {code}
> To test
> {code}
> /bin/kafka-server-start /etc/kafka/server.properties --override
> ssl.provider=sun.security.ec.SunEC
> {code}
> This is stopping us from talking to Kafka with SSL from Go programs because
> no common cipher suites are available.
> Using sslscan this is available from Kafka
> {code}
> Supported Server Cipher(s):
> Accepted TLSv1 256 bits DHE-DSS-AES256-SHA
> Accepted TLSv1 128 bits DHE-DSS-AES128-SHA
> Accepted TLSv1 128 bits EDH-DSS-DES-CBC3-SHA
> Accepted TLS11 256 bits DHE-DSS-AES256-SHA
> Accepted TLS11 128 bits DHE-DSS-AES128-SHA
> Accepted TLS11 128 bits EDH-DSS-DES-CBC3-SHA
> Accepted TLS12 256 bits DHE-DSS-AES256-GCM-SHA384
> Accepted TLS12 256 bits DHE-DSS-AES256-SHA256
> Accepted TLS12 256 bits DHE-DSS-AES256-SHA
> Accepted TLS12 128 bits DHE-DSS-AES128-GCM-SHA256
> Accepted TLS12 128 bits DHE-DSS-AES128-SHA256
> Accepted TLS12 128 bits DHE-DSS-AES128-SHA
> Accepted TLS12 128 bits EDH-DSS-DES-CBC3-SHA
> Preferred Server Cipher(s):
> SSLv2 0 bits (NONE)
> TLSv1 256 bits DHE-DSS-AES256-SHA
> TLS11 256 bits DHE-DSS-AES256-SHA
> TLS12 256 bits DHE-DSS-AES256-GCM-SHA384
> {code}
> From the Golang documentation these are avilable there
> {code}
> TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005
> TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000a
> TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f
> TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035
> TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009c
> TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009d
> TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xc007
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xc009
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xc00a
> TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xc011
> TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xc012
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02f
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc030
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
