Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.0.0
-
None
-
None
Description
We are in the process of upgrading our system to use Confluent 5.0.0 (which is using Kafka 2.0.0). I found out SslConfigs ( clients/src/main/java/org/apache/kafka/common/config/SslConfigs.java) has following change:
KAFKA-3665: Enable TLS hostname verification by default (KIP-294) (#4956)
Make HTTPS the default ssl.endpoint.identification.algorithm.
But user can not overwrite ssl.endpoint.identification.alogorithm, only following values can be reconfigurable.
public static final Set<String> RECONFIGURABLE_CONFIGS = Utils.mkSet(
¦ SslConfigs.SSL_KEYSTORE_TYPE_CONFIG,
¦ SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG,
¦ SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG,
¦ SslConfigs.SSL_KEY_PASSWORD_CONFIG,
¦ SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG,
¦ SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG,
¦ SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG);
Pls make SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG reconfigurable.