Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-9577

Client encountering SASL_HANDSHAKE protocol version errors on 2.5 / trunk

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.5.0
    • Fix Version/s: 2.5.0
    • Component/s: core
    • Labels:
      None

      Description

      I am trying 2.5.0 with sasl turned on and my consumer and producer clients receive:

      org.apache.kafka.common.errors.UnsupportedVersionException: The SASL_HANDSHAKE protocol does not support version 2
      

      I believe this is due to https://github.com/apache/kafka/commit/0a2569e2b9907a1217dd50ccbc320f8ad0b42fd0 which added flexible version support and bumped the protocol version.

      It appears that the SaslClientAuthenticator uses the max version for SASL_HANDSHAKE received in the broker's AP_VERSIONS response, and then uses that version even though it may not support it. See https://github.com/apache/kafka/blob/eb09efa9ac79efa484307bdcf03ac8eb8a3a94e2/clients/src/main/java/org/apache/kafka/common/security/authenticator/SaslClientAuthenticator.java#L290

      This may make it hard to ever evolve this schema. In the short term I suggest we roll back the version bump and flexible schema until we figure out a path forward.

      It appears that this may not have been a problem in the past because the schema versions were the same and maybe we didn't validate the version number https://github.com/apache/kafka/commit/0cf7708007b01faac5012d939f3c50db274f858d#diff-7f65552a2e23aa7028500f8db06cbb30R47

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                lucasbradstreet Lucas Bradstreet
                Reporter:
                lucasbradstreet Lucas Bradstreet
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: