Hello,

We noticed that by setting ssl.endpoint.identification.algorithm to empty (on both client and broker side), we got a big performance improvement in terms of throughput. As far as I understand, this is related to the SSL connection doing a DNS lookup to check that the host matches the certificate.

The root cause was a networking issue after enabling ssl.endpoint.identification.algorithm=https. Too many DNS requests were made and they were too expensive. We are using 1-way SSL (no SSL client auth) with Kafka 2.4, still on Java 8 :'(

Why are so many DNS requests being made? Is there no DNS caching? Is it possible to have both security (ssl.endpoint.identification.algorithm enabled) and performance?

Regards,
Gérald
