Hi All,

I have a question about the config I have working, and whether or not all
traffic is being encrypted when sent via the client.

Let's say I have the following settings; I'm only including the relevant
parameters:


Broker config:

listeners=SASL_SSL://:9092,SSL://:9093
log.message.format.version=0.10.0.0
port=9092
sasl.mechanism.inter.broker.protocol=SSL
sasl.enabled.mechanisms=PLAIN,SSL
security.inter.broker.protocol=SSL
ssl.keystore.location=/var/private/ssl/kafka.server.keystore.jks
ssl.keystore.password=somepassword
ssl.key.password=somepassword
ssl.truststore.location=/var/private/ssl/kafka.server.keystore.jks
ssl.truststore.password=somepassword


Client config, clients connect to the cluster on port 9092 (SASL_SSL)

PROPS.put("security.protocol","SASL_SSL");
PROPS.put("sasl.mechanism", "PLAIN");
PROPS.put("ssl.truststore.location","/some/location/kafka.client.truststore.jks");
PROPS.put("ssl.truststore.password","somepassword");


In this scenario, I believe that traffic between the servers is being
encrypted via TLS and authentication is being provided by TLS.

By giving a false password, I can confirm that client->broker connections
are being authenticated using the JAAS method. Once I put in the correct
password the producer is able to connect and send messages.

However, how about client->broker communication? Once authentication has
completed, is all future traffic which is sent also encrypted with TLS?

Thanks in advance for any responses.

Cheers!
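
As an added example (not part of the original post, and not Kafka project code), the script below parses the broker settings quoted above and reports, per listener, whether the transport is TLS-encrypted and which layer authenticates. It assumes each listener name is itself the security protocol, as in the posted config; with SASL_SSL the SASL exchange runs inside the TLS session, so traffic on that listener stays encrypted after authentication. Function names are hypothetical.

```python
# Added example: classify Kafka listeners by transport encryption and auth layer.
# Assumption: listener names are the security protocol (no listener.security.protocol.map).

# Kafka's four security protocols -> (TLS-encrypted transport?, authentication layer)
PROTOCOLS = {
    "PLAINTEXT": (False, "none"),
    "SSL": (True, "tls"),
    "SASL_PLAINTEXT": (False, "sasl"),
    "SASL_SSL": (True, "sasl"),
}

# Constructed sample: the relevant lines copied from the post above.
BROKER_PROPS = """\
listeners=SASL_SSL://:9092,SSL://:9093
security.inter.broker.protocol=SSL
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_listeners(props):
    """Return {port: {"protocol", "encrypted", "auth"}} for every listener."""
    result = {}
    for entry in filter(None, (e.strip() for e in props.get("listeners", "").split(","))):
        name, _, address = entry.partition("://")
        if name not in PROTOCOLS:
            raise ValueError(f"unknown security protocol in listener: {entry}")
        encrypted, auth = PROTOCOLS[name]
        port = int(address.rsplit(":", 1)[1])
        result[port] = {"protocol": name, "encrypted": encrypted, "auth": auth}
    return result

def client_matches(listeners, port, client_protocol):
    """The client's security.protocol must equal that of the listener it dials."""
    return port in listeners and listeners[port]["protocol"] == client_protocol

def inter_broker_encrypted(props):
    """security.inter.broker.protocol defaults to PLAINTEXT when unset."""
    return PROTOCOLS[props.get("security.inter.broker.protocol", "PLAINTEXT")][0]

if __name__ == "__main__":
    for port, info in sorted(audit_listeners(parse_properties(BROKER_PROPS)).items()):
        print(port, info)
```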
