[jira] [Commented] (KAFKA-9684) Add support for SNI names in SSL request

Badai Aqrandista (Jira) Sun, 08 Mar 2020 19:54:17 -0700


    [ 
https://issues.apache.org/jira/browse/KAFKA-9684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17054620#comment-17054620
 ]


Badai Aqrandista commented on KAFKA-9684:
-----------------------------------------

This line does not include adding SNI name to SSLParameters:

https://github.com/apache/kafka/blob/2.4.0/clients/src/main/java/org/apache/kafka/common/security/ssl/SslEngineBuilder.java#L232

So, I assume this is not supported right now.

> Add support for SNI names in SSL request
> ----------------------------------------
>
>                 Key: KAFKA-9684
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9684
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Badai Aqrandista
>            Priority: Minor
>
> When running Kafka cluster with SSL security behind HA Proxy, we need the 
> client to send SSL packets with SNI name extension [1]. This will allow HA 
> Proxy to forward the request to the relevant broker behind it (passthrough).
> Java 7 and higher supports this by adding SNIHostName [2] to SSLParameters 
> [3]. 
> [1] https://www.ietf.org/rfc/rfc6066.txt
> [2] https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SNIHostName.html
> [3] 
> https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.html#setServerNames-java.util.List-



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (KAFKA-9684) Add support for SNI names in SSL request

Reply via email to