Versions Compared

Old Version 2

changes.mady.by.user Nikolay Izhikov

Saved on

compared with

New Version Current

changes.mady.by.user Ismael Juma Juma

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Status

Current stateUnder DiscussionAccepted

Discussion thread: here

JIRA: KAFKA-9320

...

There are no changes in public interfaces.

Proposed Changes

If Kafka started on java11 compatible environment then 

SslConfigs.DEFAULT_SSL_ENABLED_PROTOCOLS = "TLSv1.2,TLSv1.3"

Change the value of the SslConfigs.DEFAULT_SSL_PROTOCOL = "TLSv1.3"

If Kafka started on java version that is lower java11 then

SslConfigs.DEFAULT_SSL_ENABLED_PROTOCOLS to "TLSv1.2,"

SslConfigs.DEFAULT_SSL_PROTOCOL = "TLSv1.32"

Compatibility, Deprecation, and Migration Plan

...

Migration: Users who are using TLSv1.1 and TLSv1 should enable these versions of the protocol with the explicit configuration property "ssl.enabled.protocols"

TLSv1.3 will not work for users who configured cipher suite explicitly - one needs to update the list of ciphers to include TLSv1.3 ciphers which use a different naming convention. The client will downgrade to TLS 1.2 in this case.

Rejected Alternatives

There are no rejected alternativesWait until java8 gets TLSv1.3 support and made changes afterward.