Hi,
I just configured SSL on 3 brokers
Here is my configuration:
I just replaced hostnames with dummy hostname.
inter.broker.listener.name=CLIENT
listeners=CLIENT://dummyhost.mycom.com:9092,SSL://dummyhost.mycom.com:9093
advertised.listeners=CLIENT://dummyhost.mycom.com:9092
#security.inter.broker.protocol = SSL
ssl.keystore.location = /kafka/certs/myproj-kafka.jks
ssl.keystore.password = xxxxxxx
ssl.key.password = xxxxxxx
ssl.truststore.location = /kafka/certs/trustchain.jks
ssl.truststore.password = xxxxxxx
ssl.enabled.protocols = [TLSv1.2, TLSv1.3]
listener.security.protocol.map=CLIENT:PLAINTEXT,PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL
After this configuration is done, I started 3 brokers. I am getting below
errors in logs. Please help to understand this.
[2020-02-25 18:00:59,446] INFO [GroupCoordinator 1]: Member
consumer-186-a4e444ba-db55-45db-9d09-f3e698f14bf1 in group KMOffsetCache-
dummyhost1.mycom.com has failed, removing it from the group
(kafka.coordinator.group.GroupCoordinator)
Feb 25, 2020 6:02:48 PM sun.rmi.transport.tcp.TCPTransport$AcceptLoop run
WARNING: RMI TCP Accept-0: accept loop for
ServerSocket[addr=0.0.0.0/0.0.0.0,localport=34895] throws
java.io.IOException: The server sockets created using the
LocalRMIServerSocketFactory only accept connections from clients running on the
host where the RMI remote objects have been exported.
at
jdk.management.agent/sun.management.jmxremote.LocalRMIServerSocketFactory$1.accept(LocalRMIServerSocketFactory.java:114)
at
java.rmi/sun.rmi.transport.tcp.TCPTransport$AcceptLoop.executeAcceptLoop(TCPTransport.java:394)
at
java.rmi/sun.rmi.transport.tcp.TCPTransport$AcceptLoop.run(TCPTransport.java:366)
at java.base/java.lang.Thread.run(Thread.java:834)
[2020-02-25 18:02:56,277] INFO Failed to create channel due to
(org.apache.kafka.common.network.SslChannelBuilder)
java.lang.IllegalArgumentException: Unsupported protocol[TLSv1.2
at
java.base/sun.security.ssl.ProtocolVersion.namesOf(ProtocolVersion.java:292)
at
java.base/sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:789)
at
org.apache.kafka.common.security.ssl.SslEngineBuilder.createSslEngine(SslEngineBuilder.java:209)
at
org.apache.kafka.common.security.ssl.SslFactory.createSslEngine(SslFactory.java:169)
at
org.apache.kafka.common.network.SslChannelBuilder.buildTransportLayer(SslChannelBuilder.java:115)
at
org.apache.kafka.common.network.SslChannelBuilder.buildChannel(SslChannelBuilder.java:100)
at
org.apache.kafka.common.network.Selector.buildAndAttachKafkaChannel(Selector.java:336)
at
org.apache.kafka.common.network.Selector.registerChannel(Selector.java:327)
at org.apache.kafka.common.network.Selector.register(Selector.java:314)
at
kafka.network.Processor.configureNewConnections(SocketServer.scala:1014)
at kafka.network.Processor.run(SocketServer.scala:759)
at java.base/java.lang.Thread.run(Thread.java:834)
[2020-02-25 18:02:56,281] ERROR Processor 3 closed connection from null
(kafka.network.Processor)
java.io.IOException: Channel could not be created for socket
java.nio.channels.SocketChannel[closed]
at
org.apache.kafka.common.network.Selector.buildAndAttachKafkaChannel(Selector.java:345)
at
org.apache.kafka.common.network.Selector.registerChannel(Selector.java:327)
at org.apache.kafka.common.network.Selector.register(Selector.java:314)
at
kafka.network.Processor.configureNewConnections(SocketServer.scala:1014)
at kafka.network.Processor.run(SocketServer.scala:759)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: org.apache.kafka.common.KafkaException:
java.lang.IllegalArgumentException: Unsupported protocol[TLSv1.2
at
org.apache.kafka.common.network.SslChannelBuilder.buildChannel(SslChannelBuilder.java:106)
at
org.apache.kafka.common.network.Selector.buildAndAttachKafkaChannel(Selector.java:336)
... 5 more
Caused by: java.lang.IllegalArgumentException: Unsupported protocol[TLSv1.2
at
java.base/sun.security.ssl.ProtocolVersion.namesOf(ProtocolVersion.java:292)
at
java.base/sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:789)
at
org.apache.kafka.common.security.ssl.SslEngineBuilder.createSslEngine(SslEngineBuilder.java:209)
at
org.apache.kafka.common.security.ssl.SslFactory.createSslEngine(SslFactory.java:169)
at
org.apache.kafka.common.network.SslChannelBuilder.buildTransportLayer(SslChannelBuilder.java:115)
at
org.apache.kafka.common.network.SslChannelBuilder.buildChannel(SslChannelBuilder.java:100)
CONFIDENTIAL NOTE:
The information contained in this email is intended only for the use of the
individual or entity named above and may contain information that is
privileged, confidential and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient, you are hereby
notified that any dissemination, distribution or copying of this communication
is strictly prohibited. If you have received this message in error, please
immediately notify the sender and delete the mail. Thank you.
