Unable to auth via SASL over SSL #25

Closed
csghuser opened this issue Jul 3, 2018 · 2 comments

csghuser commented Jul 3, 2018

I can't seem to get this to work when a listener is configured to use SASL_SSL.
For example, let's say your broker has the following config:

listeners=SASL_SSL://somehost:9092

With the TF config as follows:

provider "kafka" {
  bootstrap_servers = ["somehost:9092"]
  tls_enabled       = true
  sasl_username     = "username"
  sasl_password     = "password"
  skip_tls_verify   = true
}

I just get the following error

Error running plan: 1 error(s) occurred:

* provider.kafka: kafka: client has run out of available brokers to talk to (Is your cluster reachable?)

I can connect via a java client, using the following jaas config:

KafkaClient {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="username"
    password="password";
};

(I tested changing the password to something incorrect, and then I can't connect so it does seem to be working).

I'm using the following opts in the working java code:

        PROPS.put("security.protocol","SASL_SSL");
        PROPS.put("sasl.mechanism", "PLAIN");

Any idea what I might be doing wrong?


csghuser commented Jul 3, 2018

I think perhaps it is related to IBM/sarama#643

When you create the keystore use -keyalg RSA, then you will get the right ciphers.

Not sure I would have passed that when creating the key, which could be the problem. Not had chance to test it though.


csghuser commented Jul 4, 2018

That fixed it for me, recreating the key with -keyalg RSA did the trick.
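
A check for the cause identified in this thread, as an added example that is not part of the original issue or the provider's code: it reads a PEM certificate (for instance one exported from the broker keystore) and reports whether its key type is one Go's TLS stack can negotiate. The function names and both sample certificates are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Go's crypto/tls (used by sarama) has no DSS cipher suites, so a DSA-keyed broker certificate cannot be negotiated.
func goTLSCanUse(c *x509.Certificate) bool {
	return c.PublicKeyAlgorithm != x509.DSA && c.PublicKeyAlgorithm != x509.UnknownPublicKeyAlgorithm
}

// Constructed stand-in for a DSA-keyed certificate; only the field that is checked is set.
var constructedDSACert = &x509.Certificate{PublicKeyAlgorithm: x509.DSA}

// inspectPEM reports the key algorithm of the first CERTIFICATE block and whether Go TLS can use it.
func inspectPEM(data []byte) (string, bool, error) {
	for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
		if b.Type == "CERTIFICATE" {
			c, err := x509.ParseCertificate(b.Bytes)
			if err != nil {
				return "", false, err
			}
			return c.PublicKeyAlgorithm.String(), goTLSCanUse(c), nil
		}
	}
	return "", false, fmt.Errorf("no CERTIFICATE block found")
}

// constructedRSACert builds a throwaway self-signed RSA certificate in memory (sample input).
func constructedRSACert() ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

func main() {
	p, _ := constructedRSACert()
	fmt.Println(inspectPEM(p))
	fmt.Println("DSA usable:", goTLSCanUse(constructedDSACert))
}
```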
