...

Discussion thread: here

JIRA: KAFKA-4029Not yet

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

...

This KIP proposes enabling SSL support in the Jetty HTTP server. Jetty already supports SSL / TLS. So the main work in this KIP will be around enabling and configuring SSL / TLS. 

This proposal expects that the user will either choose HTTP or HTTPS. It doesn't provide support for using both in parallel. See "Rejected Alternatives" for more details.

Public Interfaces

Configuration of SSL / TLS for the Kafka Connect REST interface will follow the configuration for other SSL / TLS enabled server interfaces. It will be done through the properties configuration file for the distributed Kafka Connect workers. It will add following new options:

...

This KIP is a new implementation and doesn't have any backwards compatibility issues or special requirements on migration from older versions. Existing Kafka Connect installation would work in the same way as before this change. Without the SSL configuration, the REST interface will continue to be configured as today - i.e. without SSL / TLS.

Rejected Alternatives

n/aTechnically it would be possible to define multiple "listeners". For example one with HTTP and one with HTTPS. However, given the functionality provided over the REST interface I see only limited value in it. And therefore I rejected it. If you see some value / use case in this, please raise it in the discussion.