Hi, Comments inline.
On Mon, Jul 18, 2016 at 3:00 PM, cs user <[email protected]> wrote: > sasl.mechanism.inter.broker.protocol=SSL > This should be GSSAPI or PLAIN. > sasl.enabled.mechanisms=PLAIN,SSL > Valid values for this are PLAIN and GSSAPI (unless you add your own SASL mechanism). In this scenario, I believe that traffic between the servers is being > encrypted via TLS Yes. > and authentication is being provided by TLS. > Authentication is being provided by SASL since your client is using the SASL_SSL security protocol. If you want to use TLS for authentication, set the security protocol to SSL and configure the client keystore. However how about client->broker communication? Once authentication has > completed, is all future traffic which is sent also encrypted with TLS? > If you use SASL_SSL or SSL security protocols, all communication is encrypted. If encryption is a requirement, you should only enable SASL_SSL and/or SSL listeners. There is a separate config for inter-broker communication (security.inter.broker.protocol). Hope this helps. Ismael
