[ 
https://issues.apache.org/jira/browse/KAFKA-2656?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rajini Sivaram updated KAFKA-2656:
----------------------------------
    Status: Patch Available  (was: Open)

Removed default keystore and truststore for Kafka server and clients. Have 
tested in our environment both with default JVM cacerts truststore and JVM 
options to set defaults. Since the code was already handling null values 
correctly, the only changes required were removal of defaults in Kafka configs.

> Default SSL keystore and truststore config are unusable
> -------------------------------------------------------
>
>                 Key: KAFKA-2656
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2656
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Critical
>             Fix For: 0.9.0.0
>
>
> Default truststore for clients and default key and truststore for Kafka 
> server are set to files in /tmp along with simplistic passwords. Since no 
> sample stores are packaged with Kafka anyway, there is no value in hardcoded 
> paths and passwords as defaults. 
> Moreover these defaults prevent the use of standard javax.net.ssl properties. 
> And they force truststores to be set in Kafka configuration even when 
> certificates are signed by a trusted authority included in the Java cacerts.
> Default keystores and truststores should be replaced with JVM defaults.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
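
The behaviour the issue asks for, sketched in Java as an added example (not Kafka's own code; the class, method and parameter names are hypothetical): when no store path is configured, no file or password is substituted, and a null truststore leaves trust decisions to the JVM defaults.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added illustration, not Kafka's code; all names here are hypothetical.
public class OptionalStoresSslContext {

    // Returns null when no path is configured: no hardcoded fallback file or password.
    static KeyStore loadOrNull(String path, char[] password) throws Exception {
        if (path == null) return null;
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // A null KeyStore makes JSSE use the JVM default trust store:
    // -Djavax.net.ssl.trustStore if set, otherwise the JRE's jssecacerts/cacerts.
    static TrustManager[] trustManagers(String path, char[] password) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadOrNull(path, password));
        return tmf.getTrustManagers();
    }

    static SSLContext build(String ksPath, char[] ksPassword, String tsPath, char[] tsPassword) throws Exception {
        KeyManager[] keyManagers = null; // keystore is optional, e.g. a client without a certificate
        KeyStore keyStore = loadOrNull(ksPath, ksPassword);
        if (keyStore != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, ksPassword);
            keyManagers = kmf.getKeyManagers();
        }
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagers, trustManagers(tsPath, tsPassword), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Nothing configured: the trusted issuers are whatever the JVM defaults provide.
        X509TrustManager tm = (X509TrustManager) trustManagers(null, null)[0];
        System.out.println("trusted CAs from JVM defaults: " + tm.getAcceptedIssuers().length);
        System.out.println("context protocol: " + build(null, null, null, null).getProtocol());
    }
}
```

Running it with and without `-Djavax.net.ssl.trustStore=...` on the command line shows the issuer count following the JVM setting rather than any application default.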
