Hi Jim,
Thank you very much!
Regards!
Am Di., 18. Juli 2023 um 14:20 Uhr schrieb Jim Halfpenny
:
> Hi Hamza,
> TLS for Kafka is not implemented in any significantly different way
> compared to other TLS-enabled services. A good place to start with is the
> Apache Kafka documentation:
>
> [image
Hi Hamza,
TLS for Kafka is not implemented in any significantly different way compared to
other TLS-enabled services. A good place to start with is the Apache Kafka
documentation:
https://kafka.apache.org/090/documentation.html#security_ssl
Apache Kafka
kafka.apache.org
You’ll find a lot of ot
Hi,
Can someone explain to me the architecture of how SSL works in Kafka?
The whole truststore and keystore relationship and how it works.
Thanks in advance!
--
*Hamze HAMZE*
Trainee/Apprentice/VIE
+49 (0) 90926032877
hamze.ha...@valeo.com
Valeo Schalter und Sensoren GmbH
Valeostrasse 1 - 8665
[
https://issues.apache.org/jira/browse/KAFKA-1685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14703132#comment-14703132
]
Jun Rao commented on KAFKA-1685:
This is done as part of KAFKA-1690.
> Implement
[
https://issues.apache.org/jira/browse/KAFKA-1685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sriharsha Chintalapani resolved KAFKA-1685.
---
Resolution: Fixed
> Implement TLS/SSL te
[
https://issues.apache.org/jira/browse/KAFKA-1685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ismael Juma updated KAFKA-1685:
---
Affects Version/s: (was: 0.9.0)
0.8.2.1
> Implement TLS/SSL te
[
https://issues.apache.org/jira/browse/KAFKA-1685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ismael Juma updated KAFKA-1685:
---
Fix Version/s: (was: 0.9.0)
0.8.3
> Implement TLS/SSL te
Much appreciated.)
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
> Issue Type: Sub-task
> Components: s
Much appreciated.)
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
> Issue Type: Sub-task
> Components: s
the patch available there. Much
appreciated.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
> Issue Type:
the patch available there. Much
appreciated.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
> Issue Type:
the patch available there. Much
appreciated.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
> Issue Type:
-1690. Closing this jira.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
> Issue Type: Sub-task
>
d in KAFKA-1690. You can try the
patch there against trunk.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
>
ease suggest the version of
Kafka for which this patch is made because when I try to apply this on .8 it
gives error.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jir
[
https://issues.apache.org/jira/browse/KAFKA-1684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gwen Shapira updated KAFKA-1684:
Fix Version/s: 0.8.3
> Implement TLS/SSL authenticat
[
https://issues.apache.org/jira/browse/KAFKA-1684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gwen Shapira updated KAFKA-1684:
Affects Version/s: (was: 0.9.0)
> Implement TLS/SSL authenticat
have patch available for KAFKA-1928 can you please upload
it. I can modify my ssl and kerberos patches according to the new code.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.or
[
https://issues.apache.org/jira/browse/KAFKA-1684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sriharsha Chintalapani reassigned KAFKA-1684:
-
Assignee: Sriharsha Chintalapani (was: Ivan Lyutov)
> Implement TLS/
[
https://issues.apache.org/jira/browse/KAFKA-1685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sriharsha Chintalapani reassigned KAFKA-1685:
-
Assignee: Sriharsha Chintalapani
> Implement TLS/SSL te
A-1928. I didn't upload a patch yet, due to the
dependency on KAFKA-1809.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
you. If you are not actively
working on it can I take it?.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
>
with that route, we probably should finish KAFKA-1928
first.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
>
this.
I'm planning to review early next week.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
> Issue Type:
any feedback on the above patch.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
> Issue Type: Sub-task
>
ttps://reviews.apache.org/r/31958/diff/
against branch origin/trunk
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
>
[
https://issues.apache.org/jira/browse/KAFKA-1684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sriharsha Chintalapani updated KAFKA-1684:
--
Attachment: KAFKA-1684.patch
> Implement TLS/SSL authenticat
atch KAFKA-1684.patch uploaded; how do we apply this to
an existing kafka installation?
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
>
the question of different ports: yes, we had
envisioned three separate ports, both for simplicity's sake, as well as
security-related reasons: supporting "no authentication" on the same port as
Kerberos and/or SSL opens us up to downgrade attacks.
> Implement
e'll keep ChannelInfo as a {port,type}
and have Broker reference a list of those instead of a single port.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.or
heir corresponding type? The
receiver can decide which port to pick.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
>
jects.
>From my look through Kafka, it doesn't seem to have terrible side effects and
>can make things clearer, but I hope someone with more experience ([~junrao]?
>[~jkreps]?) can chime in.
> Implement TLS/SSL authentication
>
>
>
o be able to convert the
serialized bytes from both versions of a request to a request object. The
request object typically unifies both versions and the broker will assume some
default value if certain fields are missing in a particular version.
> Implement TLS/SSL authent
est.
This means we need "readfrom" to create a Request object from buffers with both
versions *and* the handler to do something reasonable with both (say, assume a
PlainTextChannel if the information is missing).
Was that the intent? am I missing somethin
e information is missing).
Was that the intent? am I missing something here?
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Proj
and SASL first.
Regarding finding a good model to mimic, it seems that HDFS supports both
Kerberos and SSL. Is that a better model to look into?
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https:
s left to tackle :)
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
> Issue Type: Sub-task
>
to know if we can use the same port for both SSL
and Kerberos at the same time (i.e. without forcing SSL or Kerberos via
configs).
I still think 3 different ports for the 3 security modes is the simplest
solution.
> Implement TLS/SSL authentication
>
>
Base supports both Kerberos and
SSL, right? Does it use separate port? Can one enable both types of secure port
at the same time?
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.or
the same port for SSL and SASL. Do you see any reason
to try and do it that way? Pulling up the correct Channel based on port seems
like the easiest way to implement the different authentication mechanisms.
> Implement TLS/SSL authentication
>
>
>
document the config/request/ZK changes in
a wiki and also outline the upgrade path.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> P
Lv3"-- can I ask why that choice (and not,
say, the latest version)?
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project:
the
Session object.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
> Issue Type: Sub-task
> Compon
docs/SECURITY.md file
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
> Issue Type: Sub-task
>
rg/r/27071/diff/
against branch apache/trunk
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
>
[
https://issues.apache.org/jira/browse/KAFKA-1684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ivan Lyutov updated KAFKA-1684:
---
Attachment: KAFKA-1684.patch
> Implement TLS/SSL authenticat
[
https://issues.apache.org/jira/browse/KAFKA-1684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ivan Lyutov updated KAFKA-1684:
---
Status: Patch Available (was: Open)
> Implement TLS/SSL authenticat
[
https://issues.apache.org/jira/browse/KAFKA-1684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Stein reassigned KAFKA-1684:
Assignee: Ivan Lyutov
> Implement TLS/SSL authenticat
[
https://issues.apache.org/jira/browse/KAFKA-1685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Stein updated KAFKA-1685:
-
Component/s: security
> Implement TLS/SSL tests
> ---
>
>
[
https://issues.apache.org/jira/browse/KAFKA-1684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Stein updated KAFKA-1684:
-
Component/s: security
> Implement TLS/SSL authenticat
ened tickets for go,
python and c++ libraries to add support too. We can do snapshot trunk builds
for that too will be smoother.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apa
ther.
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
> Issue Type: Sub-task
>Affects Versions: 0.9.0
>
for this from KAFKA-1477?
> Implement TLS/SSL authentication
>
>
> Key: KAFKA-1684
> URL: https://issues.apache.org/jira/browse/KAFKA-1684
> Project: Kafka
> Issue Type: Sub-task
>
Jay Kreps created KAFKA-1685:
Summary: Implement TLS/SSL tests
Key: KAFKA-1685
URL: https://issues.apache.org/jira/browse/KAFKA-1685
Project: Kafka
Issue Type: Sub-task
Affects Versions
[
https://issues.apache.org/jira/browse/KAFKA-1684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jay Kreps updated KAFKA-1684:
-
Summary: Implement TLS/SSL authentication (was: Implement SSL
authentication)
> Implement TLS/
55 matches
Mail list logo
