[ https://issues.apache.org/jira/browse/KAFKA-9577?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason Gustafson resolved KAFKA-9577. ------------------------------------ Resolution: Fixed > Client encountering SASL_HANDSHAKE protocol version errors on 2.5 / trunk > ------------------------------------------------------------------------- > > Key: KAFKA-9577 > URL: https://issues.apache.org/jira/browse/KAFKA-9577 > Project: Kafka > Issue Type: Bug > Components: core > Affects Versions: 2.5.0 > Reporter: Lucas Bradstreet > Assignee: Lucas Bradstreet > Priority: Blocker > Fix For: 2.5.0 > > > I am trying 2.5.0 with sasl turned on and my consumer and producer clients > receive: > {noformat} > org.apache.kafka.common.errors.UnsupportedVersionException: The > SASL_HANDSHAKE protocol does not support version 2 > {noformat} > I believe this is due to > [https://github.com/apache/kafka/commit/0a2569e2b9907a1217dd50ccbc320f8ad0b42fd0] > which added flexible version support and bumped the protocol version. > It appears that the SaslClientAuthenticator uses the max version for > SASL_HANDSHAKE received in the broker's AP_VERSIONS response, and then uses > that version even though it may not support it. See > [https://github.com/apache/kafka/blob/eb09efa9ac79efa484307bdcf03ac8eb8a3a94e2/clients/src/main/java/org/apache/kafka/common/security/authenticator/SaslClientAuthenticator.java#L290]. > > This may make it hard to ever evolve this schema. In the short term I suggest > we roll back the version bump and flexible schema until we figure out a path > forward. > It appears that this may not have been a problem in the past because the > schema versions were the same and maybe we didn't validate the version number > [https://github.com/apache/kafka/commit/0cf7708007b01faac5012d939f3c50db274f858d#diff-7f65552a2e23aa7028500f8db06cbb30R47] -- This message was sent by Atlassian Jira (v8.3.4#803005)