Elvar created KAFKA-3647:
----------------------------

Summary: Unable to set a ssl provider
Key: KAFKA-3647
URL: https://issues.apache.org/jira/browse/KAFKA-3647
Project: Kafka
Issue Type: Bug
Components: security
Affects Versions: 0.9.0.1
Environment: Centos, OracleJRE 8, Vagrant
Reporter: Elvar

When defining a ssl provider Kafka does not start because the provider was not found.

{code}
[2016-05-02 13:48:48,252] FATAL [Kafka Server 11], Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: java.security.NoSuchProviderException: no such provider: sun.security.ec.SunEC
        at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:44)
{code}

To test

{code}
/bin/kafka-server-start /etc/kafka/server.properties --override ssl.provider=sun.security.ec.SunEC
{code}

This is stopping us from talking to Kafka with SSL from Go programs because no common cipher suites are available.

Using sslscan this is available from Kafka

{code}
Supported Server Cipher(s):
    Accepted  TLSv1  256 bits  DHE-DSS-AES256-SHA
    Accepted  TLSv1  128 bits  DHE-DSS-AES128-SHA
    Accepted  TLSv1  128 bits  EDH-DSS-DES-CBC3-SHA
    Accepted  TLS11  256 bits  DHE-DSS-AES256-SHA
    Accepted  TLS11  128 bits  DHE-DSS-AES128-SHA
    Accepted  TLS11  128 bits  EDH-DSS-DES-CBC3-SHA
    Accepted  TLS12  256 bits  DHE-DSS-AES256-GCM-SHA384
    Accepted  TLS12  256 bits  DHE-DSS-AES256-SHA256
    Accepted  TLS12  256 bits  DHE-DSS-AES256-SHA
    Accepted  TLS12  128 bits  DHE-DSS-AES128-GCM-SHA256
    Accepted  TLS12  128 bits  DHE-DSS-AES128-SHA256
    Accepted  TLS12  128 bits  DHE-DSS-AES128-SHA
    Accepted  TLS12  128 bits  EDH-DSS-DES-CBC3-SHA

Preferred Server Cipher(s):
    SSLv2  0 bits    (NONE)
    TLSv1  256 bits  DHE-DSS-AES256-SHA
    TLS11  256 bits  DHE-DSS-AES256-SHA
    TLS12  256 bits  DHE-DSS-AES256-GCM-SHA384
{code}

From the Golang documentation these are available there

{code}
TLS_RSA_WITH_RC4_128_SHA                uint16 = 0x0005
TLS_RSA_WITH_3DES_EDE_CBC_SHA           uint16 = 0x000a
TLS_RSA_WITH_AES_128_CBC_SHA            uint16 = 0x002f
TLS_RSA_WITH_AES_256_CBC_SHA            uint16 = 0x0035
TLS_RSA_WITH_AES_128_GCM_SHA256         uint16 = 0x009c
TLS_RSA_WITH_AES_256_GCM_SHA384         uint16 = 0x009d
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        uint16 = 0xc007
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    uint16 = 0xc009
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    uint16 = 0xc00a
TLS_ECDHE_RSA_WITH_RC4_128_SHA          uint16 = 0xc011
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     uint16 = 0xc012
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      uint16 = 0xc013
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      uint16 = 0xc014
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   uint16 = 0xc02f
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   uint16 = 0xc030
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c
{code}
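
Added example, not part of the original report and not Kafka or Go project code: it compares the sslscan list above with the suites Go's crypto/tls implements. None is shared, because every broker suite authenticates with a DSS (DSA) certificate while Go implements only RSA and ECDSA suites. The brokerSuites table is constructed from the sslscan output, with the IANA names and code points written in; compare and authOf are hypothetical helper names.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// Constructed input: the broker's sslscan suites by IANA code point and name.
var brokerSuites = map[uint16]string{
	0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",   // EDH-DSS-DES-CBC3-SHA
	0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",    // DHE-DSS-AES128-SHA
	0x0038: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",    // DHE-DSS-AES256-SHA
	0x0040: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", // DHE-DSS-AES128-SHA256
	0x006a: "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", // DHE-DSS-AES256-SHA256
	0x00a2: "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", // DHE-DSS-AES128-GCM-SHA256
	0x00a3: "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", // DHE-DSS-AES256-GCM-SHA384
}

// authOf returns the token before "_WITH_" (DSS, RSA, ECDSA); "" for TLS 1.3 names.
func authOf(name string) string {
	i := strings.Index(name, "_WITH_")
	if i < 0 {
		return ""
	}
	return name[strings.LastIndex(name[:i], "_")+1 : i]
}

// compare returns the server suites crypto/tls also implements (insecure ones
// included) and the certificate key types each side's suites require.
func compare(server map[uint16]string) (shared []string, srvAuth, goAuth map[string]bool) {
	srvAuth, goAuth = map[string]bool{}, map[string]bool{}
	known := map[uint16]bool{}
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		known[s.ID] = true
		goAuth[authOf(s.Name)] = true
	}
	delete(goAuth, "")
	for id, name := range server {
		srvAuth[authOf(name)] = true
		if known[id] {
			shared = append(shared, name)
		}
	}
	return shared, srvAuth, goAuth
}

func main() {
	fmt.Println(compare(brokerSuites))
}
```

A server negotiates DSS suites only when its certificate key is DSA, so the key algorithm of the broker's keystore entry is the first thing to check when this comparison comes back empty.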