Apache kafka 2.0.0 version - Connection to node 1 failed authentication due to: SSL handshake
Problem description
I'm using kafka version kafka_2.12-2.0.0 and received the below error after enabling SSL authentication. It seems to be working fine with previous versions: kafka_2.12-1.1.0, 2.11-0.10.2.2 etc.
I don't understand why it is not working with latest version 2.11-0.2.0.0? Has anyone observed the same issue that I'm facing right now with 2.0.0 version?
Below is my test environment docker config file.
listeners=PLAINTEXT://:9092,SSl://:9093
ssl.client.auth=required
ssl.keystore.location=/path/to/server.keystore
ssl.keystore.password=<Key store password>
ssl.key.password = <private key password>
ssl.truststore.location=/path/to/truststore.keystore
ssl.truststore.password=<trust store password>
security.inter.broker.protocol=SSL
Here is the error:
[2018-10-01 09:33:38,984] ERROR [Controller id=1, targetBrokerId=1] Connection to node 1 failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
Can someone help me?
Recommended answer
Without more details it's hard to tell for sure, but 2.0.0 introduced a change of behaviour related to the handling of SSL connections.
As mentioned in the 2.0.0 upgrade notes, the broker setting ssl.endpoint.identification.algorithm is now set to https. This enforces hostname verification to prevent "man-in-the-middle" attacks.
To restore previous behaviour, you need to explicitly set this to an empty string.
ssl.endpoint.identification.algorithm=
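As an added illustration (not part of the original answer, and a simplified model rather than the JDK's or Kafka's own code), the code below applies HTTPS-style hostname checking to certificate fields shaped like the output of Python's ssl.getpeercert(), showing which broker names a keystore certificate would satisfy once verification is on. The function names, host names and certificate contents are constructed for the example.

```python
import ipaddress

def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def _is_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def identify_endpoint(cert: dict, host: str):
    """Return (ok, reason) for `host` against a cert dict shaped like ssl.getpeercert()."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(host):
        # An IP literal is only compared with IP-type SAN entries.
        ips = [v for k, v in sans if k == "IP Address"]
        ok = any(ipaddress.ip_address(v) == ipaddress.ip_address(host) for v in ips)
        return ok, f"IP SANs: {ips or 'none'}"
    dns = [v for k, v in sans if k == "DNS"]
    if dns:
        # Once a DNS SAN exists, the subject CN is no longer consulted.
        return any(_dns_match(d, host) for d in dns), f"DNS SANs: {dns}"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_match(c, host) for c in cns), f"no DNS SAN, CN: {cns or 'none'}"

# Constructed sample certificates (assumptions, not taken from the question).
CN_ONLY = {"subject": ((("commonName", "localhost"),),)}
WITH_SAN = {
    "subject": ((("commonName", "kafka"),),),
    "subjectAltName": (("DNS", "broker1.kafka.test"), ("DNS", "*.kafka.test"),
                       ("IP Address", "172.18.0.2")),
}

if __name__ == "__main__":
    for name, cert in (("CN_ONLY", CN_ONLY), ("WITH_SAN", WITH_SAN)):
        for host in ("localhost", "broker1.kafka.test", "172.18.0.2"):
            print(name, host, identify_endpoint(cert, host))
```

A certificate that fails here for the name the broker advertises is the case where the handshake breaks after the 2.0.0 default change; reissuing it with matching SAN entries keeps hostname verification enabled.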