Hi, folks,

I am just following up to see if anybody has a clue on the following issue, which I hit when following the guidelines provided in the step of running openssl to verify the SSL setup:

[2015-08-25 22:29:15,385] WARN Error in I/O with connection to XXXXX (org.apache.kafka.common.network.Selector)
javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1348)
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519)
    at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1200)
    at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1172)
    at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
    at org.apache.kafka.common.network.SSLTransportLayer.handshakeWrap(SSLTransportLayer.java:345)
    at org.apache.kafka.common.network.SSLTransportLayer.handshake(SSLTransportLayer.java:222)
    at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:69)
    at org.apache.kafka.common.network.Selector.poll(Selector.java:290)
    at kafka.network.Processor.run(SocketServer.scala:393)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1650)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:281)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:269)
    at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:970)
    at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:684)
    at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:222)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:853)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:851)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1285)
    at org.apache.kafka.common.network.SSLTransportLayer.runDelegatedTasks(SSLTransportLayer.java:303)
    at org.apache.kafka.common.network.SSLTransportLayer.handshakeUnwrap(SSLTransportLayer.java:381)
    at org.apache.kafka.common.network.SSLTransportLayer.handshake(SSLTransportLayer.java:246)
    ... 4 more

The above exception was shown on the broker side, and no certificate showed up when verifying with the openssl command. When I tried to connect to the broker with the producer and consumer commands, I got the same error message. I tried leaving ssl.cipher.suites unset and also setting some values in it; neither way had any luck.

Appreciate any help.

Thanks,
Samuel

On Fri, Aug 21, 2015 at 6:28 AM, Ben Stopford <b...@confluent.io> wrote:

> Hi Qi
>
> Trunk seems fairly stable.
>
> There are guidelines here which include how to generate keys:
> https://cwiki.apache.org/confluence/display/KAFKA/Deploying+SSL+for+Kafka
>
> Your server config needs these properties (also on the webpage):
>
> listeners=PLAINTEXT://:9092,SSL://:9093
>
> ssl.protocol = TLS
> ssl.keystore.type = JKS
> ssl.keystore.location = <path>/keystore.jks
> ssl.keystore.password = <pass>
> ssl.key.password = <pass>
> ssl.truststore.type = JKS
> ssl.truststore.location = <path>/truststore.jks
> ssl.truststore.password = <pass>
>
> To get yourself going it’s easiest to just generate a set of certs locally
> and spark up the console producer/consumer pair. You’ll need the latest cut
> from trunk (from today) to get a console consumer that works.
>
> Hope that helps
>
> Ben
>
> > On 21 Aug 2015, at 07:10, Qi Xu <shkir...@gmail.com> wrote:
> >
> > Hi folks,
> > I tried to clone the latest version of Kafka trunk and tried to enable
> > SSL. The server.properties does not seem to have any security-related
> > settings, and it seems there's no other config file relevant to SSL either.
> > So may I know whether this feature is ready to use now in the trunk branch?
> >
> > BTW, we're using the SSL feature from the branch:
> > https://github.com/relango/kafka/tree/0.8.2. Is there any significant
> > difference between Kafka trunk and relango's branch?
> >
> > Thanks,
> > Qi
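
One way to sanity-check a broker's server.properties against the property list quoted in the reply above, as an added example that is not part of the thread or of Kafka's own code. It flags a missing SSL:// listener, absent ssl.* properties, and values still left as <path>/<pass> placeholders; the function names and the sample file are constructed for illustration, and the check does not diagnose the cipher-suite error itself.

```python
# Property names taken from the server config quoted in the thread.
REQUIRED = [
    "ssl.protocol", "ssl.keystore.type", "ssl.keystore.location",
    "ssl.keystore.password", "ssl.key.password", "ssl.truststore.type",
    "ssl.truststore.location", "ssl.truststore.password",
]

def parse_properties(text):
    """Parse 'key = value' / 'key=value' lines (simplified Java properties)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):  # blank or comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_ssl_config(text):
    """Return a list of problems found; an empty list means none."""
    props = parse_properties(text)
    problems = []
    listeners = [l.strip() for l in props.get("listeners", "").split(",")]
    if not any(l.upper().startswith("SSL://") for l in listeners):
        problems.append("listeners has no SSL:// entry")
    for key in REQUIRED:
        value = props.get(key)
        if value is None:
            problems.append(f"{key} is missing")
        elif not value or ("<" in value and ">" in value):
            # Heuristic: a <...> token means the template was not filled in.
            problems.append(f"{key} is empty or still a placeholder")
    return problems

# Constructed sample (not from the thread), with three deliberate mistakes.
SAMPLE = """\
listeners=PLAINTEXT://:9092
ssl.protocol = TLS
ssl.keystore.type = JKS
ssl.keystore.location = <path>/keystore.jks
ssl.keystore.password = sample-pass
ssl.key.password = sample-pass
ssl.truststore.type = JKS
ssl.truststore.location = /etc/kafka/truststore.jks
"""

if __name__ == "__main__":
    for problem in check_ssl_config(SAMPLE):
        print("PROBLEM:", problem)
```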