Open ButcherOfBlaviken opened 2 years ago
I have this problem too, did you solve it?
使用的就是ca-cert.pem,跟运行程序放在同一目录。 %3|1649398843.295|FAIL|rdkafka#producer-1| [thrd:sasl_ssl://alikafka-pre-cn-7mz2lwrke00l-3.alikafka.aliyuncs.com]: sasl_ssl://alikafka-pre-cn-7mz2lwrke00l-3.alikafka.aliyuncs.com:9093/bootstrap: SSL handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed: broker certificate could not be verified, verify that ssl.ca.location is correctly configured or root CA certificates are installed (install ca-certificates package) (after 102ms in state CONNECT) %3|1649398844.323|FAIL|rdkafka#producer-1| [thrd:sasl_ssl://alikafka-pre-cn-7mz2lwrke00l-2.alikafka.aliyuncs.com]: sasl_ssl://alikafka-pre-cn-7mz2lwrke00l-2.alikafka.aliyuncs.com:9093/bootstrap: SSL handshake failed: error:1416F086:SSL
请尝试重新下载demo进行测试。我目前测试是OK的
I have this problem too, did you solve it?
我用openssl的s_client命令测试了SSL,用demo里的证书去连我的kafka broker,发现SSL握手失败的原因是因为我的openssl编译的时候默认的TLS安全等级是2(不算特别高),但是这个证书里面的密钥长度仅1024,加密算法是sha1(早已满足不了今日的安全需求),这个1024bit密钥+sha1算法是不满足openssl TLS安全等级2的要求的,所以会握手失败,如果你一定要用阿里的证书的话,得把运行环境得openssl重新编译一遍,选最低的TLS安全等级(https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html ), 不过说实话选这么低等级的安全等级SSL就变得很鸡肋了
使用的就是ca-cert.pem,跟运行程序放在同一目录。 %3|1649398843.295|FAIL|rdkafka#producer-1| [thrd:sasl_ssl://alikafka-pre-cn-7mz2lwrke00l-3.alikafka.aliyuncs.com]: sasl_ssl://alikafka-pre-cn-7mz2lwrke00l-3.alikafka.aliyuncs.com:9093/bootstrap: SSL handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed: broker certificate could not be verified, verify that ssl.ca.location is correctly configured or root CA certificates are installed (install ca-certificates package) (after 102ms in state CONNECT) %3|1649398844.323|FAIL|rdkafka#producer-1| [thrd:sasl_ssl://alikafka-pre-cn-7mz2lwrke00l-2.alikafka.aliyuncs.com]: sasl_ssl://alikafka-pre-cn-7mz2lwrke00l-2.alikafka.aliyuncs.com:9093/bootstrap: SSL handshake failed: error:1416F086:SSL