arushi315
commented
5 months ago Hi @pranavrth
Will you be able to provide some guidance on this?
Open Vikash08Mishra opened 6 months ago
arushi315
commented
5 months ago Hi @pranavrth
Will you be able to provide some guidance on this?
WaxWell-Bison
commented
5 months ago I'm experimenting similar issue on python 3.8.13 issue when using 'security.protocol': 'SSL' in the producer configuration.
import confluent_kafka
producer = confluent_kafka.Producer({'security.protocol': 'SSL'})
print(producer)No issue with python 3.9.13 though
arushi315
commented
5 months ago Thanks @WaxWell-Bison for the suggestion. It is working for us as well once we update the python version however it only works when I use the python version >= 3.12.0.
pranavrth
commented
1 month ago Is this issue still happening?
Description
Facing issue while trying communication to Kafka over SSL via Admin Client. Configuration:
{'bootstrap.servers': 'X.X.X.X:X', 'security.protocol': 'ssl', 'ssl.ca.location': 'ca-cert-path'}confluent-python version: 1.9.2 works perfect but same breaks when I upgrade to any of higher version for confluent python: 2.0.2, 2.1.1, 2.2.0 & 2.3.0. It's worth noting that each of confluent-dotnet version: 2.1.1, 2.2.0 & 2.3.0 with exact same configuration and certificate works perfectly.
Debug logs: It says broker didn't provide certificate but same works with confluent python 1.9.2 and each confluent dotnet version I mentioned above. I have replaced actual broker IP's with keyword: broker_ip in below debug logs.
Do not suspect OpenSSL issue mentioned in post: https://github.com/confluentinc/confluent-kafka-python/issues/1521 as CIpher used is
cipher TLS_AES_256_GCM_SHA384. So don't think that it's a weak cipher issue, also confluent dotnet use same librdkafka for version 2.1.1, 2.2.0 and 2.3.0 which has OpenSSL >3.0 and it works fine over there with same certificate. Jus to rule out I tried settingssl.providers=default,legacybut then I encountered segment error for each of confluent python version >=2.0.2Saw related issue: https://github.com/confluentinc/confluent-kafka-python/issues/1547 where its mentioned it's fixed but I still see same segment issue.
Any help is highly appreciated.
How to reproduce
{'bootstrap.servers': 'X.X.X.X:X', 'security.protocol': 'ssl', 'ssl.ca.location': 'ca-cert-path'}client.create_topics(topic_name, validate_only=True)), Create Topic and Fetch Metadata.ssl.providers=default,legacyExists only in confluent python >=2.0.2. Same work fine for confluent python 1.9.2 and confluent versions >=2.1.1.
Checklist
Please provide the following information:
confluent_kafka.version()andconfluent_kafka.libversion()): >=2.0.2{'bootstrap.servers': 'X.X.X.X:X', 'security.protocol': 'ssl', 'ssl.ca.location': 'ca-cert-path'}'debug': '..'as necessary)