divijvaidya opened a new pull request, #12381: URL: https://github.com/apache/kafka/pull/12381
**Scenario** The scenario is explained in details in https://issues.apache.org/jira/browse/KAFKA-13474 but as a summary: When a certificate is rotated on a broker via dynamic configuration and the previous certificate expires, the broker to controller connection starts failing with `SSL Handshake failed`. **Why** A similar fix was earlier performed in https://github.com/apache/kafka/pull/6721 but when `BrokerToControllerChannelManager` was introduced in v2.7, we didn't enable dynamic reconfiguration for it's channel. **Summary of testing strategy (including rationale)** Add a test which fails prior to the fix done in the PR and succeeds afterwards. The bug wasn't caught earlier because there was no test coverage to validate the scenario. Note: I would suggest that we backport this fix to all versions until 2.7 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
