Hi, folks,

I am just following up to see if anybody has a clue about the following issue,
which I hit when following the guidelines at the step of running openssl
to verify the SSL setup:

[2015-08-25 22:29:15,385] WARN Error in I/O with connection to XXXXX (org.apache.kafka.common.network.Selector)
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1348)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1200)
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1172)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
at org.apache.kafka.common.network.SSLTransportLayer.handshakeWrap(SSLTransportLayer.java:345)
at org.apache.kafka.common.network.SSLTransportLayer.handshake(SSLTransportLayer.java:222)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:69)
at org.apache.kafka.common.network.Selector.poll(Selector.java:290)
at kafka.network.Processor.run(SocketServer.scala:393)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1650)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:281)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:269)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:970)
at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:684)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:222)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:913)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:853)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:851)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1285)
at org.apache.kafka.common.network.SSLTransportLayer.runDelegatedTasks(SSLTransportLayer.java:303)
at org.apache.kafka.common.network.SSLTransportLayer.handshakeUnwrap(SSLTransportLayer.java:381)
at org.apache.kafka.common.network.SSLTransportLayer.handshake(SSLTransportLayer.java:246)
... 4 more

The above exception was shown on the broker side, and no certificate shows
up when verifying with the openssl command. When I tried to connect to the
broker with the producer and consumer commands, I got the same error message.
I tried leaving ssl.cipher.suites unset and setting some values in it; neither
way had any luck. I'd appreciate any help.

Thanks,
Samuel


On Fri, Aug 21, 2015 at 6:28 AM, Ben Stopford <b...@confluent.io> wrote:

> Hi Qi
>
> Trunk seems fairly stable.
>
> There are guidelines here which include how to generate keys:
> https://cwiki.apache.org/confluence/display/KAFKA/Deploying+SSL+for+Kafka
>
> Your server config needs these properties (also on the webpage):
>
> listeners=PLAINTEXT://:9092,SSL://:9093
>
> ssl.protocol = TLS
> ssl.keystore.type = JKS
> ssl.keystore.location = <path>/keystore.jks
> ssl.keystore.password = <pass>
> ssl.key.password = <pass>
> ssl.truststore.type = JKS
> ssl.truststore.location = <path>/truststore.jks
> ssl.truststore.password = <pass>
>
> To get yourself going it’s easiest to just generate a set of certs locally
> and spark up the console producer/consumer pair. You’ll need the latest cut
> from trunk (from today) to get a console consumer that works.
>
> Hope that helps
>
> Ben
>
>
> > On 21 Aug 2015, at 07:10, Qi Xu <shkir...@gmail.com> wrote:
> >
> > Hi folks,
> > I tried to clone the latest version of Kafka trunk and tried to enable
> > SSL. The server.properties seems not to have any security related
> > settings, and it seems there's no other config file relevant to SSL either.
> > So may I know whether this feature is ready to use now in the trunk branch?
> >
> > BTW, we're using the SSL feature from the branch :
> > https://github.com/relango/kafka/tree/0.8.2. Is there any significant
> > difference between Kafka trunk and relango's branch?
> >
> > Thanks,
> > Qi
>
>

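A check for the broker settings quoted in the reply above, as an added example that is not part of the thread or of Kafka's own code. The REQUIRED list, function names and sample text are assumptions of this example; it only verifies that an SSL listener and the listed ssl.* properties are present, filled in, and point at existing files.

```python
import os
import re

# The SSL properties listed in the reply above; this list is an assumption of
# this example, not an authoritative list of Kafka's SSL settings.
REQUIRED = [
    "ssl.protocol", "ssl.keystore.type", "ssl.keystore.location",
    "ssl.keystore.password", "ssl.key.password", "ssl.truststore.type",
    "ssl.truststore.location", "ssl.truststore.password",
]

def parse_properties(text):
    """Parse the simple 'key = value' subset of the Java properties format."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_ssl_config(text, file_exists=os.path.isfile):
    """Return a list of problems found in a server.properties text."""
    props, problems = parse_properties(text), []
    listeners = props.get("listeners", "").split(",")
    if not any(l.strip().upper().startswith("SSL://") for l in listeners):
        problems.append("listeners: no SSL:// endpoint")
    for key in REQUIRED:
        value = props.get(key)
        if not value:
            problems.append(f"{key}: missing or empty")
        elif re.search(r"<[^>]+>", value):
            problems.append(f"{key}: placeholder not filled in")
        elif key.endswith(".location") and not file_exists(value):
            problems.append(f"{key}: file not found: {value}")
    return problems

# Constructed sample: part of the template from the reply, partly filled in.
SAMPLE = """\
listeners=PLAINTEXT://:9092,SSL://:9093
ssl.protocol = TLS
ssl.keystore.type = JKS
ssl.keystore.location = /nonexistent/keystore.jks
ssl.keystore.password = <pass>
"""

if __name__ == "__main__":
    for problem in check_ssl_config(SAMPLE):
        print(problem)
```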