grepplabs / kafka-proxy

Proxy connections to Kafka cluster. Connect through SOCKS Proxy, HTTP Proxy or to cluster running in Kubernetes.

How does tls-same-client-cert-enable work? #103

Closed AmiDavidW closed 2 years ago

AmiDavidW commented 2 years ago

Hello,

Is it possible to use the tls-same-client-cert-enable flag to make the connection below work?

kafka(10.0.0.1) <--ssl--> proxy(127.0.0.1) <--ssl--> client

Both ssl connections use the same certificates.

What does the cmd look like if yes?

Thanks, David

everesio commented 2 years ago

Hi, certificate propagation is not possible. The implementation would require the proxy to know the client's private key for the signature in the certificateVerifyMsg.

tls-same-client-cert-enable is a contributed feature. It provides an additional cert check when the proxy terminates the TLS traffic.
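
The point about the CertificateVerify signature in the answer above, as an added example (not kafka-proxy code): a simplified model in which the certificate holder signs a hash of the handshake transcript and the peer verifies it against the public key in the certificate. The function names, the transcript strings and the choice of ECDSA P-256 with SHA-256 are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// certVerifySig models CertificateVerify: the certificate holder's private key
// signs a hash of the handshake transcript (real TLS signs a more structured input).
func certVerifySig(key *ecdsa.PrivateKey, transcript []byte) []byte {
	h := sha256.Sum256(transcript)
	sig, err := ecdsa.SignASN1(rand.Reader, key, h[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// peerAccepts verifies the signature with the certificate's public key over the peer's own transcript.
func peerAccepts(certPub *ecdsa.PublicKey, transcript, sig []byte) bool {
	h := sha256.Sum256(transcript)
	return ecdsa.VerifyASN1(certPub, h[:], sig)
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// outcomes reports: client to proxy directly, client signature replayed to the broker, proxy signing with its own key.
func outcomes() (direct, replayed, ownKey bool) {
	clientKey, proxyKey := newKey(), newKey()
	certPub := &clientKey.PublicKey // public half, as carried in the client certificate
	// Constructed transcripts: each TLS session has its own handshake messages.
	toProxy := []byte("constructed transcript: client <-> proxy")
	toBroker := []byte("constructed transcript: proxy <-> broker")
	direct = peerAccepts(certPub, toProxy, certVerifySig(clientKey, toProxy))
	replayed = peerAccepts(certPub, toBroker, certVerifySig(clientKey, toProxy))
	ownKey = peerAccepts(certPub, toBroker, certVerifySig(proxyKey, toBroker))
	return
}

func main() { fmt.Println(outcomes()) }
```

Only the first case verifies. The proxy holds the client's certificate but not its key, so it can neither reuse the client's signature on a different session nor produce a valid one itself.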