librdkafka consumer and ssl configuration

Question

I'm using librdkafka as a client consumer, and I have configured the broker and the client to support SSL, for the broker:

listeners = PLAINTEXT://172.20.54.9:9092,SSL://172.20.54.9:9093
ssl.keystore.location=E:/project_files/Project/kafka_2.11-2.1.0/config/kafka.server.keystore.jks
ssl.keystore.password=ismail
ssl.key.password=ismail
ssl.truststore.location=E:/project_files/Project/kafka_2.11-2.1.0/config/kafka.server.truststore.jks
ssl.truststore.password=password

in the client side I'm using this configuration:

rd_kafka_conf_set(conf, "metadata.broker.list", "172.20.54.9:9093",
                      NULL, 0);
rd_kafka_conf_set(conf, "security.protocol", "ssl",
                      NULL, 0);
rd_kafka_conf_set(conf, "ssl.ca.location", "/usr/bin/NetSens/CARoot.pem",
                      NULL, 0);
rd_kafka_conf_set(conf, "ssl.certificate.location", "/usr/bin/NetSens/certificate.pem",
                      NULL, 0);
rd_kafka_conf_set(conf, "ssl.key.location", "/usr/bin/NetSens/key.pem",
                      NULL, 0);
rd_kafka_conf_set(conf, "ssl.key.password", "password",
                      NULL, 0);

And I'm receiving this error:

1559309856.897 RDKAFKA-3-ERROR: rdkafka#consumer-1: [thrd:ssl://172.20.54.9:9093/bootstrap]: ssl://172.20.54.9:9093/bootstrap: SSL handshake failed: ../ssl/record/ssl3_record.c:252: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:  (after 7ms in state CONNECT)

For more information, I have in parallel another python kafka client using the same certificates and keys and it works fine. I will be so grateful for any help.

Answer 1

I believe your problem is related to this issue.

You can fix it by including -keyalg RSA when invoking keytool -genkey to generate the certificates.