Configuring Kafka Producer and Kafka Consumer
Examples for configuring Kafka Producer and Kafka consumer. SSL is supported for new Kafka Producers and Consumer processes; the older API is not supported. Configuration settings for SSL are the same for producers and consumers.
If client authentication is not needed in the broker, then the following is a minimal configuration example:
security.protocol = SSL
ssl.truststore.location = /var/private/ssl/kafka.client.truststore.jks
ssl.truststore.password = test1234
If client authentication is required, first create a keystore (described earlier in this chapter). Next, specify the following settings:
ssl.keystore.location = /var/private/ssl/kafka.client.keystore.jks
ssl.keystore.password = test1234
ssl.key.password = test1234
One or more of the following optional settings might also be needed, depending on your requirements and the broker configuration:
Property | Description | Value(s) |
---|---|---|
ssl.provider
|
The name of the security provider used for SSL connections. Default value is the default security provider of the JVM. | |
ssl.cipher.suites
|
Specify one or more cipher suites: named combinations of authentication, encryption, MAC and key exchange algorithms used to negotiate the security settings for a network connection using the TLS or SSL network protocol. | |
ssl.enabled.protocols
|
List at least one of the protocols configured on the broker side. Note: SSL is deprecated; its use in production is not recommended. |
TLSv1.2,TLSv1.1,TLSv1
|
ssl.keystore.type
|
Specify the SSL keystore type. |
JKS
|
ssl.truststore.type
|
Specify the SSL truststore type. |
JKS
|
The following two examples launch console-producer and console-consumer processes:
kafka-console-producer.sh --broker-list localhost:9093 --topic test --producer.config client-ssl.properties
kafka-console-consumer.sh --bootstrap-server localhost:9093 --topic test --new-consumer --consumer.config client-ssl.properties