abroddle opened a new issue #2375: URL: https://github.com/apache/bookkeeper/issues/2375
As part of our Apache Pulsar cluster, we are trying to configure the Apache Bookkeeper to support TLS encryption. We have tried both PEM and JKS configurations and we have seen that the data on the channel is NOT encrypted. We see in log files (journal) that the Bookie and Broker say they are using TLS and we originally thought we were good. When we run a tcpdump to look at the network traffic on the bookkeeper and broker, we see plain text data as sent from our test client. We want to understand the general community approach to Bookkeeper and the use of TLS. Within our organization, TLS encryption of data channel is an expectation for all components of the cluster. Questions: - Are enterprises using plain text Pulsar clusters with non-TLS bookkeepers - Is there any documentation in the Apache Pulsar project for configuring TLS for Pulsar Brokers and Apache Bookkeeper. We have not found it. - Ref: https://bookkeeper.apache.org/docs/4.9.2/security/tls/ - The openssl command does not work against a properly configured BookKeeper from what we see in documentation and Slack chats. (openssl s_client -debug -connect localhost:3181 -tls1) - Is there any documentation for the configuration of PEM based security on bookkeeper? We have posted questions on the Slack channels for Pulsar, Bookkeeper and are attempting to follow the instructions but are unsuccessful so far. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
