I'm wondering if I'm missing something about configuring SSL for KRaft. We currently have a ZooKeeper cluster where all inter-broker & client communication uses SSL. We manage our own CA and generate all the necessary keystore/truststore jks files for our brokers and clients. We've had this in place for several years.

I've recently been trying to set up a KRaft-based cluster. And since a KRaft controller is configured much the same as a Kafka broker is, I figured I would try to have the KRaft controllers communicate to each other over SSL, same as I have the brokers do.

When I enable SSL for the KRaft controller I get this error on startup, "Invalid value javax.net.ssl.SSLHandshakeException: No available authentication scheme for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings."

I am running everything in Docker containers, using Confluent's images. Currently using version 7.7.0, though I saw the same errors on 7.7.1.

Turning on SSL debugging didn't turn up anything obvious. And I'm pretty stumped as to what's going on. Wondering if anyone here has thoughts. Several attempts at this, along with a lot of research, haven't gotten me anywhere.

My relevant KRaft controller config:

    KAFKA_CONTROLLER_LISTENER_NAMES: SSL
    KAFKA_INTER_BROKER_LISTENER_NAME: SSL
    KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: "SSL:SSL"
    KAFKA_LISTENERS: SSL://0.0.0.0:9094
    KAFKA_METADATA_VERSION: "3.7"
    KAFKA_PROCESS_ROLES: controller
    KAFKA_SSL_CLIENT_AUTH: required
    KAFKA_SSL_KEYSTORE_CREDENTIALS: credentials
    KAFKA_SSL_KEYSTORE_FILENAME: keystore.jks
    KAFKA_SSL_KEY_CREDENTIALS: credentials
    KAFKA_SSL_SECRETS_DIR: /etc/kafka/secrets
    KAFKA_SSL_TRUSTSTORE_CREDENTIALS: credentials
    KAFKA_SSL_TRUSTSTORE_FILENAME: truststore.jks

——
Ian Whitney (he/him/his)
Data Engineer | ASR Data Engineering
Academic Support Resources | asr.umn.edu
Office of Undergraduate Education | University of Minnesota
whit0...@umn.edu | 612-547-8598