Hi, Yes, this needs to be handled more elegantly. Can you please file a JIRA here https://issues.apache.org/jira/projects/KAFKA/issues
Thanks, Harsha On Mon, Apr 1, 2019, at 1:52 AM, jorg.heym...@gmail.com wrote: > Hi, > > We have our brokers secured with these standard properties > > listeners=SSL://a.b.c:9030 > ssl.truststore.location=... > ssl.truststore.password=... > ssl.keystore.location=... > ssl.keystore.password=... > ssl.key.password=... > ssl.client.auth=required > ssl.enabled.protocols=TLSv1.2 > > It's a bit surprising to see that when a (java) client attempts to > connect without having SSL configured, so doing a PLAINTEXT connection > instead, it does not get a TLS exception indicating that SSL is > required. Somehow i would have expected a hard transport-level > exception making it clear that non-SSL connections are not allowed, > instead the client sees this (when debug logging is enabled) > > [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka > commitId : 21234bee31165527 > [main] DEBUG org.apache.kafka.clients.consumer.KafkaConsumer - > [Consumer clientId=consumer-1, groupId=my-test-group] Kafka consumer > initialized > [main] DEBUG org.apache.kafka.clients.consumer.KafkaConsumer - > [Consumer clientId=consumer-1, groupId=my-test-group] Subscribed to > topic(s): events > [main] DEBUG > org.apache.kafka.clients.consumer.internals.AbstractCoordinator - > [Consumer clientId=consumer-1, groupId=my-test-group] Sending > FindCoordinator request to broker a.b.c:9030 (id: -1 rack: null) > [main] DEBUG org.apache.kafka.clients.NetworkClient - [Consumer > clientId=consumer-1, groupId=my-test-group] Initiating connection to > node a.b.c:9030 (id: -1 rack: null) using address /a.b.c > [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor > with name node--1.bytes-sent > [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor > with name node--1.bytes-received > [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor > with name node--1.latency > [main] DEBUG org.apache.kafka.common.network.Selector - [Consumer > clientId=consumer-1, groupId=my-test-group] Created socket with > SO_RCVBUF = 65536, SO_SNDBUF = 131072, SO_TIMEOUT = 0 to node -1 > [main] DEBUG org.apache.kafka.clients.NetworkClient - [Consumer > clientId=consumer-1, groupId=my-test-group] Completed connection to > node -1. Fetching API versions. > [main] DEBUG org.apache.kafka.clients.NetworkClient - [Consumer > clientId=consumer-1, groupId=my-test-group] Initiating API versions > fetch from node -1. > [main] DEBUG org.apache.kafka.common.network.Selector - [Consumer > clientId=consumer-1, groupId=my-test-group] Connection with /a.b.c > disconnected > java.io.EOFException > at > org.apache.kafka.common.network.NetworkReceive.readFrom(NetworkReceive.java:119) > at > org.apache.kafka.common.network.KafkaChannel.receive(KafkaChannel.java:381) > at > org.apache.kafka.common.network.KafkaChannel.read(KafkaChannel.java:342) > at > org.apache.kafka.common.network.Selector.attemptRead(Selector.java:609) > at > org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:541) > at org.apache.kafka.common.network.Selector.poll(Selector.java:467) > at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:535) > at > org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:265) > at > org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:236) > at > org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:215) > at > org.apache.kafka.clients.consumer.internals.AbstractCoordinator.ensureCoordinatorReady(AbstractCoordinator.java:231) > at > org.apache.kafka.clients.consumer.internals.ConsumerCoordinator.poll(ConsumerCoordinator.java:316) > at > org.apache.kafka.clients.consumer.KafkaConsumer.updateAssignmentMetadataIfNeeded(KafkaConsumer.java:1214) > at > org.apache.kafka.clients.consumer.KafkaConsumer.poll(KafkaConsumer.java:1179) > at > org.apache.kafka.clients.consumer.KafkaConsumer.poll(KafkaConsumer.java:1164) > at eu.europa.ec.han.TestConsumer.main(TestConsumer.java:22) > [main] DEBUG org.apache.kafka.clients.NetworkClient - [Consumer > clientId=consumer-1, groupId=my-test-group] Node -1 disconnected. > [main] DEBUG > org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient - > [Consumer clientId=consumer-1, groupId=my-test-group] Cancelled request > with header RequestHeader(apiKey=FIND_COORDINATOR, apiVersion=2, > clientId=consumer-1, correlationId=0) due to node -1 being disconnected > [main] DEBUG > org.apache.kafka.clients.consumer.internals.AbstractCoordinator - > [Consumer clientId=consumer-1, groupId=my-test-group] Coordinator > discovery failed, refreshing metadata > [main] DEBUG org.apache.kafka.clients.NetworkClient - [Consumer > clientId=consumer-1, groupId=my-test-group] Give up sending metadata > request since no node is available > [main] DEBUG org.apache.kafka.clients.NetworkClient - [Consumer > clientId=consumer-1, groupId=my-test-group] Give up sending metadata > request since no node is available > [main] DEBUG org.apache.kafka.clients.NetworkClient - [Consumer > clientId=consumer-1, groupId=my-test-group] Give up sending metadata > request since no node is available > [main] DEBUG org.apache.kafka.clients.NetworkClient - [Consumer > clientId=consumer-1, groupId=my-test-group] Initialize connection to > node a.b.c:9030 (id: -1 rack: null) for sending metadata request > [main] DEBUG org.apache.kafka.clients.NetworkClient - [Consumer > clientId=consumer-1, groupId=my-test-group] Initiating connection to > node a.b.c:9030 (id: -1 rack: null) using address /a.b.c > >