If your only listener is SSL, you should set security.inter.broker.protocol to SSL even for single-broker cluster since it is used by the controller. I would have expected an error in the logs though if this was not configured correctly.
On Wed, Apr 20, 2016 at 1:34 AM, <ma...@kafkatool.com> wrote: > There is only one broker in this case. There are no errors (besides the > warning below) on either the broker or the client side. It just returns an > empty topic list if plaintext is not configured, even though client is > using SSL in both cases. > > marko > > > Hi, > > > > That warning is harmless. Personally, I think it may be a good idea to > > remove as it confuses people in cases such as this. > > > > Do you have multiple brokers? Are the brokers configured to use SSL for > > inter-broker communication (security.inter.broker.protocol)? This is > > required if the only listener is for SSL. > > > > Ismael > > > > On Wed, Apr 20, 2016 at 12:42 AM, <ma...@kafkatool.com> wrote: > > > >> What is the correct way of using SSL between the client and brokers if > >> client certificates are not used? The broker (0.9.0.0) reports the > >> following in the log > >> > >> WARN SSL peer is not authenticated, returning ANONYMOUS instead > >> > >> as a result of this (I belive) KafkaConsumer.listTopics() returns an > >> empty > >> map. Does this require a custom Authenticator on the broker side? If so, > >> are there examples on how to do that? > >> > >> Interestingly enough, modifying (no other changes) > >> > >> listeners=SSL://:9094 > >> > >> to > >> > >> listeners=PLAINTEXT://:9093,SSL://:9094 > >> > >> makes the listTopics() method to return the topics. If SSL is used by > >> the > >> consumer in both cases, I'm not sure why having the plaintext port would > >> affect the SSL behavior. > >> > >> -- > >> Best regards, > >> Marko > >> www.kafkatool.com > >> > >> > > > > > -- Regards, Rajini
