You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When debugging a kafka SSL connection using openssl s_client you will encounter the following error:
Verify return code: 68 (CA signature digest algorithm too weak)
Permitting specific cipher suites will allow users to work around this (for better or worse). At the very least, Teraslice users should be able to specify the cipher suites used in the kafka SSL connection. For kafkacat that is the command line argument -X ssl.cipher.suites=. See ssl.cipher.suites here: https://github.com/edenhill/librdkafka/blob/v1.5.2/CONFIGURATION.md
I think at the moment this would get configured on the connector config with all of the other SSL stuff.
The text was updated successfully, but these errors were encountered:
I forgot to add on my initial post here that this isn't urgent and the error linked to doesn't impact us yet because our base image doesn't impose this SSL cipher constraint yet.
Newer linux releases configure SSL to exclude older cipher suites by default. Like shown in this post here:
https://jonboulineau.me/blog/kafka/kafka-tls-issue
When debugging a kafka SSL connection using
openssl s_client
you will encounter the following error:Permitting specific cipher suites will allow users to work around this (for better or worse). At the very least, Teraslice users should be able to specify the cipher suites used in the kafka SSL connection. For
kafkacat
that is the command line argument-X ssl.cipher.suites=
. Seessl.cipher.suites
here: https://github.com/edenhill/librdkafka/blob/v1.5.2/CONFIGURATION.mdI think at the moment this would get configured on the connector config with all of the other SSL stuff.
The text was updated successfully, but these errors were encountered: