Kafka / KAFKA-13418

Brokers disconnect intermittently with TLS1.3


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.8.0
    • Fix Version/s: 3.2.0, 3.1.1, 3.0.2
    • Component/s: clients
    • Labels: None

    Description

      Using TLS1.3 (with JDK11) is causing a regression and an increase in inter-broker p99 latency, as mentioned by Yiming in Kafka-9320. We tested this with Kafka 2.8.
      The issue seems to be because of a renegotiation exception being thrown by read(ByteBuffer dst) & write(ByteBuffer src) in clients/src/main/java/org/apache/kafka/common/network/SslTransportLayer.java

      This exception is causing the connection to close between the brokers before read/write is completed. In our internal experiments we have seen the p99 latency stabilize when we remove this exception.

      Given that TLS1.3 does not support renegotiation, I would like to make it applicable just for TLS1.2.
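
      The change proposed above, sketched as an added example; this is not code from SslTransportLayer.java or from the reporter. The class and method names, and the exact condition used to detect post-handshake activity, are assumptions made for illustration, and the SSLEngineResult values are constructed.

```java
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;
import javax.net.ssl.SSLHandshakeException;

// Added illustration (hypothetical names); not Kafka's implementation.
public class RenegotiationGuard {
    static final String TLS13 = "TLSv1.3";

    // Assumed shape of a version-unaware check: once the initial handshake is
    // done, a successful wrap/unwrap that still reports handshake activity is
    // treated as a renegotiation request.
    static boolean handshakeActivity(SSLEngineResult r) {
        return r.getStatus() == Status.OK
            && r.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING
            && r.getHandshakeStatus() != HandshakeStatus.FINISHED;
    }

    // Version-aware check: keep rejecting renegotiation on TLS 1.2 and below,
    // but never raise it on TLS 1.3, which has no renegotiation.
    // In a transport layer the protocol string would come from
    // sslEngine.getSession().getProtocol().
    static void rejectRenegotiation(SSLEngineResult r, String protocol)
            throws SSLHandshakeException {
        if (!TLS13.equals(protocol) && handshakeActivity(r)) {
            throw new SSLHandshakeException(
                "Renegotiation requested, but it is not supported");
        }
    }

    public static void main(String[] args) {
        // Constructed results: plain application data, and a read that
        // reports handshake activity after the handshake has completed.
        SSLEngineResult data =
            new SSLEngineResult(Status.OK, HandshakeStatus.NOT_HANDSHAKING, 128, 100);
        SSLEngineResult postHandshake =
            new SSLEngineResult(Status.OK, HandshakeStatus.NEED_WRAP, 64, 0);
        for (String protocol : new String[] {"TLSv1.2", TLS13}) {
            for (SSLEngineResult r : new SSLEngineResult[] {data, postHandshake}) {
                try {
                    rejectRenegotiation(r, protocol);
                    System.out.println(protocol + " " + r.getHandshakeStatus() + ": connection kept");
                } catch (SSLHandshakeException e) {
                    System.out.println(protocol + " " + r.getHandshakeStatus() + ": closed, " + e.getMessage());
                }
            }
        }
    }
}
```

      Only the TLSv1.2 case with handshake activity closes the connection; the same result on a TLSv1.3 session is allowed through, while the renegotiation ban stays in force for TLS 1.2.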


          People

            skokoori shylaja kokoori
            skokoori shylaja kokoori
            Ismael Juma Ismael Juma