ZOOKEEPER-2184 the zookeeper client would canonicalize a configured host name before creating the SASL client which is used to create the principal name. After ZOOKEEPER-2184 that canonicalization does not happen so the principal that the ZK client tries to use when it is configured to talk to a CName is different between 3.4.13 and all previous versions of ZK.
zk1.mycluster.mycompany.com maps to real-node.mycompany.com.
3.4.13 will want the server to have zookeeper/zk1.mycluster.com@KDC.MYCOMPANY.COM
3.4.12 wants the server to have zookeeper/real-node.mycompany.com@KDC.MYCOMPANY.COM
This makes 3.4.13 incompatible with many ZK setups currently in existence. It would be nice to have that resolution be optional because in some cases it might be nice to have a single principal tied to the cname.