[
https://issues.apache.org/jira/browse/KAFKA-15502?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Manikumar updated KAFKA-15502:
------------------------------
Description:
We have observed an issue where inter broker SSL listener is not coming up for
large keystores (size >16K)
1. Currently validator code doesn't work well with large stores. Right now,
WRAP returns if there is already data in the buffer. But if we need more data
to be wrapped for UNWRAP to succeed, we end up looping forever.
2. Observed large TLSv3 post handshake messages are not getting read and
causing validator code loop forever. This is observed with JDK17+
was:
We have observed an issue where inter broker SSL listener is not coming up for
large keystores (size >16K)
1. Currently validator code doesn't work well with large stores. Right now,
WRAP returns if there is already data in the buffer. But if we need more data
to be wrapped for UNWRAP to succeed, we end up looping forever.
2. Observed large TLSv3 post handshake messages are not getting read and
causing UNWRAP loop forever. This is observed with JDK17+
> Handle large keystores in SslEngineValidator
> --------------------------------------------
>
> Key: KAFKA-15502
> URL: https://issues.apache.org/jira/browse/KAFKA-15502
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 3.6.0
> Reporter: Manikumar
> Assignee: Manikumar
> Priority: Major
>
> We have observed an issue where inter broker SSL listener is not coming up
> for large keystores (size >16K)
> 1. Currently validator code doesn't work well with large stores. Right now,
> WRAP returns if there is already data in the buffer. But if we need more data
> to be wrapped for UNWRAP to succeed, we end up looping forever.
> 2. Observed large TLSv3 post handshake messages are not getting read and
> causing validator code loop forever. This is observed with JDK17+
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
