Apache kafka 2.0.0版本-由于以下原因，连接到节点1的身份验证失败: [英] Apache kafka 2.0.0 version - Connection to node 1 failed authentication due to: SSL handshake

问题描述

我正在使用kafka版本kafka_2.12-2.0.0，并在启用SSL身份验证后收到以下错误.似乎可以与以前的版本配合使用:kafka_2.12-1.1.0、2.11-0.10.2.2等.

I'm using kafka version kafka_2.12-2.0.0 and received the below error after enabling SSL authentication. It seems to be working fine with previous versions: kafka_2.12-1.1.0, 2.11-0.10.2.2 etc.

我不明白为什么它不能与最新版本2.11-0.2.0.0一起使用?有没有人观察到我现在使用2.0.0版本面临的相同问题.

I don't understand why it is not working with latest version 2.11-0.2.0.0? Has anyone observed the same issue that I'm facing right now with 2.0.0 version.

下面是我的测试环境docker配置文件.

Below is my test environment docker config file.

listeners=PLAINTEXT://:9092,SSl://:9093
ssl.client.auth=required
ssl.keystore.location=/path/to/server.keystore
ssl.keystore.password=<Key store password>
ssl.key.password = <private key password>
ssl.truststore.location=/path/to/truststore.keystore
ssl.truststore.password=<trust store password>
security.inter.broker.protocol=SSL

这是错误:

[2018-10-01 09:33:38,984] ERROR [Controller id=1, targetBrokerId=1] Connection to node 1 failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)

有人可以帮助我吗?

推荐答案

没有更多细节很难确定，但是2.0.0引入了与SSL连接处理有关的行为更改.

Without more details it's hard to tell for sure, but 2.0.0 introduced a change of behaviour related to the handling of SSL connections.

如 2.0.0升级说明所述，代理设置 ssl.endpoint.identification.algorithm 现在设置为 https .这样可以强制进行主机名验证，以防止中间人"攻击.

As mentioned in the 2.0.0 upgrade notes, the broker setting ssl.endpoint.identification.algorithm is now set to https. This enforces hostname verification to prevent "man-in-the-middle" attacks.

要恢复以前的行为，您需要将其明确设置为空字符串.

To restore previous behaviour, you need to explicitely set this to an empty string.

ssl.endpoint.identification.algorithm=

这篇关于Apache kafka 2.0.0版本-由于以下原因，连接到节点1的身份验证失败:的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！