[KAFKA-13418] Brokers disconnect intermittently with TLS1.3 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.8.0
Fix Version/s: 3.2.0, 3.1.1, 3.0.2
Component/s: clients
Labels:
None

Description

Using TLS1.3 (with JDK11) is causing a regression and an increase in inter-broker p99 latency, as mentioned by Yiming in Kafka-9320. We tested this with Kafka 2.8.
The issue seems to be because of a renegotiation exception being thrown by

read(ByteBuffer dst)

write(ByteBuffer src)

in
clients/src/main/java/org/apache/kafka/common/network/SslTransportLayer.java

This exception is causing the connection to close between the brokers before read/write is completed. In our internal experiments we have seen the p99 latency stabilize when we remove this exception.

Given that TLS1.3 does not support renegotiation, I would like to make it applicable just for TLS1.2.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

tls1_3.patch
23/Dec/21 00:29
2 kB
shylaja kokoori

Issue Links

links to

GitHub Pull Request #11966

Activity

People

Assignee:: shylaja kokoori

Reporter:: shylaja kokoori

Reviewer:: Ismael Juma

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 29/Oct/21 00:17

Updated:: 31/Mar/22 16:57

Resolved:: 29/Mar/22 22:08