[
https://issues.apache.org/jira/browse/KAFKA-8669?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Manikumar resolved KAFKA-8669.
------------------------------
Fix Version/s: 2.4.0
Assignee: Sai Sandeep
Resolution: Fixed
Fixed in https://github.com/apache/kafka/pull/7090
> Add java security providers in Kafka Security config
> ----------------------------------------------------
>
> Key: KAFKA-8669
> URL: https://issues.apache.org/jira/browse/KAFKA-8669
> Project: Kafka
> Issue Type: Improvement
> Reporter: Sai Sandeep
> Assignee: Sai Sandeep
> Priority: Minor
> Fix For: 2.4.0
>
>
> Currently kafka supports ssl.keymanager.algorithm and
> ssl.trustmanager.algorithm parameters as part of secure config. These
> parameters can be configured to load the key manager and trust managers which
> provide keys and certificates for ssl handshakes with the clients/server. The
> algorithms configured by parameters need to be registered by Java security
> provider classes. These provider classes are configured as JVM properties
> through java.security file. An example file given below
> {code:java}
> $ cat /usr/lib/jvm/jdk-8-oracle-x64/jre/lib/security/java.security
> ...
> security.provider.1=sun.security.provider.Sun
> security.provider.2=sun.security.rsa.SunRsaSign
> security.provider.3=sun.security.ec.SunEC
> …
> {code}
> Custom keymanager and trustmanager algorithms can be used to supply the kafka
> brokers with keys and certificates, these algorithms can be used to replace
> the traditional, non-scalable static keystore and truststore jks files.
> To take advantage of these custom algorithms, we want to support java
> security provider parameter in security config. This param can be used by
> kafka brokers or kafka clients(when connecting to the kafka brokers). The
> security providers can also be used for configuring security in SASL based
> communication too.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
