[
https://issues.apache.org/jira/browse/KAFKA-9577?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jason Gustafson resolved KAFKA-9577.
------------------------------------
Resolution: Fixed
> Client encountering SASL_HANDSHAKE protocol version errors on 2.5 / trunk
> -------------------------------------------------------------------------
>
> Key: KAFKA-9577
> URL: https://issues.apache.org/jira/browse/KAFKA-9577
> Project: Kafka
> Issue Type: Bug
> Components: core
> Affects Versions: 2.5.0
> Reporter: Lucas Bradstreet
> Assignee: Lucas Bradstreet
> Priority: Blocker
> Fix For: 2.5.0
>
>
> I am trying 2.5.0 with sasl turned on and my consumer and producer clients
> receive:
> {noformat}
> org.apache.kafka.common.errors.UnsupportedVersionException: The
> SASL_HANDSHAKE protocol does not support version 2
> {noformat}
> I believe this is due to
> [https://github.com/apache/kafka/commit/0a2569e2b9907a1217dd50ccbc320f8ad0b42fd0]
> which added flexible version support and bumped the protocol version.
> It appears that the SaslClientAuthenticator uses the max version for
> SASL_HANDSHAKE received in the broker's AP_VERSIONS response, and then uses
> that version even though it may not support it. See
> [https://github.com/apache/kafka/blob/eb09efa9ac79efa484307bdcf03ac8eb8a3a94e2/clients/src/main/java/org/apache/kafka/common/security/authenticator/SaslClientAuthenticator.java#L290].
>
> This may make it hard to ever evolve this schema. In the short term I suggest
> we roll back the version bump and flexible schema until we figure out a path
> forward.
> It appears that this may not have been a problem in the past because the
> schema versions were the same and maybe we didn't validate the version number
> [https://github.com/apache/kafka/commit/0cf7708007b01faac5012d939f3c50db274f858d#diff-7f65552a2e23aa7028500f8db06cbb30R47]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
