...
Current state: Under Discussion
JIRA: Not yet
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
...
Proposed Change
This KIP proposes adding
...
enabling SSL support in the Jetty HTTP server. Jetty already supports SSL / TLS. So the main work in this KIP will be around enabling and configuring SSL / TLS.
Public Interfaces
Configuration of SSL / TLS for the Kafka Connect REST interface will follow the configuration for other SSL / TLS enabled server interfaces. It will be done through the properties configuration file for the distributed Kafka Connect workers. It will add following new options:
- rest.security.protocol
- rest.ssl.keystore.location
- rest.ssl.keystore.password
- rest.ssl.keystore.type
- rest.ssl.key.password
- rest.ssl.truststore.location
- rest.ssl.truststore.password
- rest.ssl.truststore.type
- rest.ssl.enabled.protocols
- rest.ssl.provider
- rest.ssl.protocol
- rest.ssl.cipher.suites
- rest.ssl.keymanager.algorithm
- rest.ssl.secure.random.implementation
- rest.ssl.trustmanager.algorithm
- rest.ssl.clientAuth
The rest.security.protocol
option will support only PLAINTEXT
and SSL
values. PLAINTEXT
will be the default value and will keep all SSL/TLS functionality disabled to keep the backwards compatibility.
Migration Plan and Compatibility
...