Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-15502

Handle large keystores in SslEngineValidator

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.4.1, 3.6.0, 3.5.1
    • 3.4.2, 3.5.2, 3.7.0, 3.6.1
    • None
    • None

    Description

      We have observed an issue where inter broker SSL listener is not coming up for large keystores (size >16K)

      1. Currently validator code doesn't work well with large stores. Right now, WRAP returns if there is already data in the buffer. But if we need more data to be wrapped for UNWRAP to succeed, we end up looping forever.

      2. Observed large TLSv3 post handshake messages are not getting read and causing validator code loop forever. This is observed with JDK17+
       

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #14445

          Activity

            People

              omkreddy Manikumar
              omkreddy Manikumar
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: