godber
commented
3 years ago I forgot to add on my initial post here that this isn't urgent and the error linked to doesn't impact us yet because our base image doesn't impose this SSL cipher constraint yet.
Newer linux releases configure SSL to exclude older cipher suites by default. Like shown in this post here:
https://jonboulineau.me/blog/kafka/kafka-tls-issue
When debugging a kafka SSL connection using
openssl s_clientyou will encounter the following error:Permitting specific cipher suites will allow users to work around this (for better or worse). At the very least, Teraslice users should be able to specify the cipher suites used in the kafka SSL connection. For
kafkacatthat is the command line argument-X ssl.cipher.suites=. Seessl.cipher.suiteshere: https://github.com/edenhill/librdkafka/blob/v1.5.2/CONFIGURATION.mdI think at the moment this would get configured on the connector config with all of the other SSL stuff.