...

This KIP proposes enabling SSL support in the Jetty HTTP server. Jetty already supports SSL / TLS, so the main work in this KIP is enabling and configuring SSL / TLS. This proposal expects the user to choose either HTTP or HTTPS; it does not support using both in parallel. See "Rejected Alternatives" for more details.

Users will be able to configure REST listeners using a new configuration option, listeners. It allows configuring the protocol (either HTTP or HTTPS), host and port. Users may configure an HTTP listener, an HTTPS listener, or both. For example:
  listeners=http://myhost:8080,https://myhost:8443
or
  listeners=https://myhost:8443

When the listeners parameter is configured, the existing options rest.host.name and rest.port will be ignored.

The HTTPS listener (when configured in listeners) will by default use the SSL configuration from the ssl.* options. If the user needs a different SSL configuration for the REST interface than for connecting to Kafka brokers, the default settings can be overridden per option using the prefix listeners.https. - for example:
listeners.https.ssl.keystore.location=/my/path/keystore.jks
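The precedence rules above (listeners wins over rest.host.name / rest.port, and a listeners.https.-prefixed key wins over the shared ssl.* value) are easy to get wrong when reviewing a worker configuration. The following is an added example, not code from this KIP or from Kafka: a small resolver that reads a properties file, computes the effective listeners and the SSL settings the HTTPS listener would end up with, and flags what a practitioner would want flagged. The sample properties are constructed for the example; the keystore paths, the deprecation warning for TLSv1 / TLSv1.1 (RFC 8996) and the "no keystore" check are this example's own additions, not requirements stated in the KIP.

```python
from urllib.parse import urlsplit

# Added example, not Kafka's own code. It applies the precedence rules the
# proposal states for `listeners`, `rest.host.name` / `rest.port` and the
# `listeners.https.` override prefix to a worker properties file.

ALLOWED_SCHEMES = ("http", "https")
HTTPS_PREFIX = "listeners.https."
# SSL settings the HTTPS listener inherits from ssl.* unless overridden.
SSL_KEYS = (
    "ssl.keystore.location", "ssl.keystore.password", "ssl.keystore.type",
    "ssl.key.password", "ssl.truststore.location", "ssl.truststore.password",
    "ssl.truststore.type", "ssl.enabled.protocols", "ssl.protocol",
    "ssl.cipher.suites", "ssl.client.auth",
)
CLIENT_AUTH_VALUES = ("none", "requested", "required")
# Default taken from the KIP's parameter table; TLS 1.0 / 1.1 are
# deprecated (RFC 8996), so this example warns when they end up enabled.
DEFAULT_ENABLED_PROTOCOLS = "TLSv1.2,TLSv1.1,TLSv1"
WEAK_PROTOCOLS = {"TLSv1", "TLSv1.1"}

# Constructed sample configs (hypothetical hosts and paths).
SAMPLE_PROPS = """
listeners=http://myhost:8080,https://myhost:8443
rest.host.name=ignoredhost
rest.port=9999
ssl.keystore.location=/etc/kafka/broker-client.jks
ssl.keystore.password=secret
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
listeners.https.ssl.keystore.location=/my/path/keystore.jks
listeners.https.ssl.enabled.protocols=TLSv1.2
listeners.https.ssl.client.auth=required
"""
DEFAULTS_PROPS = """
listeners=https://myhost:8443
ssl.keystore.location=/etc/kafka/keystore.jks
ssl.keystore.password=secret
"""


def parse_properties(text):
    """Parse a minimal Java-style .properties string into a dict."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        props[key.strip()] = value.strip()
    return props


def parse_listeners(value):
    """Return [(scheme, host, port)] for a comma-separated listeners value."""
    listeners = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        url = urlsplit(item)
        if url.scheme not in ALLOWED_SCHEMES:
            raise ValueError(f"unsupported listener scheme in {item!r}")
        if url.port is None:
            raise ValueError(f"listener {item!r} has no port")
        listeners.append((url.scheme, url.hostname, url.port))
    return listeners


def resolve(props):
    """Return effective listeners, ignored legacy keys, the SSL settings the
    HTTPS listener would use, and a list of warnings."""
    out = {"listeners": [], "ignored": [], "https_ssl": {}, "warnings": []}
    if "listeners" not in props:
        out["warnings"].append("no listeners set; rest.host.name/rest.port apply")
        return out
    out["listeners"] = parse_listeners(props["listeners"])
    # Once listeners is set, the legacy host/port options are ignored.
    out["ignored"] = [k for k in ("rest.host.name", "rest.port") if k in props]
    if not any(scheme == "https" for scheme, _, _ in out["listeners"]):
        return out
    for key in SSL_KEYS:
        # The prefixed key wins; otherwise fall back to the shared ssl.* value.
        value = props.get(HTTPS_PREFIX + key, props.get(key))
        if value is not None:
            out["https_ssl"][key] = value
    ssl = out["https_ssl"]
    if "ssl.keystore.location" not in ssl:
        out["warnings"].append("https listener has no keystore (no server certificate)")
    enabled = ssl.get("ssl.enabled.protocols", DEFAULT_ENABLED_PROTOCOLS)
    weak = sorted({p.strip() for p in enabled.split(",")} & WEAK_PROTOCOLS)
    if weak:
        out["warnings"].append("deprecated protocols enabled: " + ",".join(weak))
    auth = ssl.get("ssl.client.auth", "none")
    if auth not in CLIENT_AUTH_VALUES:
        out["warnings"].append(f"invalid ssl.client.auth value {auth!r}")
    return out


def resolve_text(text):
    """Convenience wrapper: properties text in, resolved settings out."""
    return resolve(parse_properties(text))


if __name__ == "__main__":
    for name, text in (("SAMPLE_PROPS", SAMPLE_PROPS), ("DEFAULTS_PROPS", DEFAULTS_PROPS)):
        print(name, resolve_text(text))
```

Running it on SAMPLE_PROPS shows rest.host.name and rest.port reported as ignored and the HTTPS listener picking up /my/path/keystore.jks while still inheriting ssl.keystore.password from the shared ssl.* settings. DEFAULTS_PROPS, which sets no protocol list at all, triggers the deprecation warning because the KIP's default enabled list still contains TLSv1 and TLSv1.1; anyone deploying this should set ssl.enabled.protocols explicitly.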

This proposal doesn't include any authorization / ACL features, only encryption and authentication. Authorization / ACLs should be the subject of a separate KIP in order to keep the scope of this KIP under control.

...

Parameter                               Default value               Note
listeners                               null
rest.security.protocol                  PLAINTEXT                   The other valid value is SSL.
rest.ssl.keystore.location              null
rest.ssl.keystore.password              null
rest.ssl.keystore.type                  JKS
rest.ssl.key.password                   null
rest.ssl.truststore.location            null
rest.ssl.truststore.password            null
rest.ssl.truststore.type                JKS
rest.ssl.enabled.protocols              TLSv1.2,TLSv1.1,TLSv1
rest.ssl.provider                       null
rest.ssl.protocol                       TLS
rest.ssl.cipher.suites                  null
rest.ssl.keymanager.algorithm           SunX509
rest.ssl.secure.random.implementation   null
rest.ssl.trustmanager.algorithm         PKIX
rest.ssl.client.auth                    none                        Other valid values are "required" and "requested".

...