Details
Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Description
Default truststore for clients and default key and truststore for Kafka server are set to files in /tmp along with simplistic passwords. Since no sample stores are packaged with Kafka anyway, there is no value in hardcoded paths and passwords as defaults.
Moreover, these defaults prevent the use of standard javax.net.ssl properties. And they force truststores to be set in Kafka configuration even when certificates are signed by a trusted authority included in the Java cacerts.
Default keystores and truststores should be replaced with JVM defaults.
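
A sketch of the behaviour requested above, as an added example that is not Kafka's own code: the truststore is loaded only when `ssl.truststore.location` is configured, and otherwise the JVM default applies, so `javax.net.ssl.trustStore` and the bundled cacerts are honoured. The class name, the `trustManagers` helper and the `config` map are hypothetical stand-ins for parsed client properties.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Map;

public class TrustStoreFallback {

    // Hypothetical helper: 'config' stands in for parsed client properties.
    static TrustManagerFactory trustManagers(Map<String, String> config) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        String location = config.get("ssl.truststore.location");
        if (location == null) {
            // No hardcoded default path: a null KeyStore makes the JVM use
            // javax.net.ssl.trustStore if set, otherwise its bundled cacerts.
            tmf.init((KeyStore) null);
            return tmf;
        }
        // Explicit configuration: load exactly the store the operator named.
        String password = config.get("ssl.truststore.password");
        KeyStore ks = KeyStore.getInstance(config.getOrDefault("ssl.truststore.type", "JKS"));
        try (InputStream in = Files.newInputStream(Paths.get(location))) {
            ks.load(in, password == null ? null : password.toCharArray());
        }
        tmf.init(ks);
        return tmf;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an SSL client config with no truststore settings.
        TrustManagerFactory tmf = trustManagers(Map.of("security.protocol", "SSL"));
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        System.out.println("Trusted CA certificates from JVM default: "
            + tm.getAcceptedIssuers().length);

        // The resulting trust managers plug into an SSLContext as usual.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        System.out.println("SSLContext protocol: " + ctx.getProtocol());
    }
}
```

Running it with `-Djavax.net.ssl.trustStore=...` changes which store is loaded without touching the configuration map, which is the property-based override the hardcoded defaults block.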