ssl.enabled.protocols — Kafka Broker Configuration
The list of protocols enabled for SSL connections. The default is 'TLSv1.
Description
The list of protocols enabled for SSL connections. The default is 'TLSv1.2,TLSv1.3' when running with Java 11 or newer, 'TLSv1.2' otherwise. With the default value for Java 11, clients and servers will prefer TLSv1.3 if both support it and fallback to TLSv1.2 otherwise (assuming both support at least TLSv1.2). This default should be fine for most cases. Also see the config documentation for `ssl.protocol`.
Default Values by Kafka Version
| Kafka Version | Default Value |
|---|---|
| 0.9.0 | [TLSv1.2, TLSv1.1, TLSv1] |
| 0.10.0 | [TLSv1.2, TLSv1.1, TLSv1] |
| 0.10.1 | [TLSv1.2, TLSv1.1, TLSv1] |
| 0.10.2 | TLSv1.2,TLSv1.1,TLSv1 |
| 0.11.0 | TLSv1.2,TLSv1.1,TLSv1 |
| 1.0 | TLSv1.2,TLSv1.1,TLSv1 |
| 1.1 | TLSv1.2,TLSv1.1,TLSv1 |
| 2.0 | TLSv1.2,TLSv1.1,TLSv1 |
| 2.1 | TLSv1.2,TLSv1.1,TLSv1 |
| 2.2 | TLSv1.2,TLSv1.1,TLSv1 |
| 2.3 | TLSv1.2,TLSv1.1,TLSv1 |
| 2.4 | TLSv1.2,TLSv1.1,TLSv1 |
| 2.5 | TLSv1.2 |
| 2.6 | TLSv1.2 |
| 2.7 | TLSv1.2 |
| 2.8 | TLSv1.2 |
| 3.0 | TLSv1.2 |
| 3.1 | TLSv1.2,TLSv1.3 |
| 3.2 | TLSv1.2 |
| 3.3 | TLSv1.2,TLSv1.3 |
| 3.4 | TLSv1.2 |
| 3.5 | TLSv1.2,TLSv1.3 |
| 3.6 | TLSv1.2,TLSv1.3 |
| 3.7 | TLSv1.2,TLSv1.3 |
| 3.8 | TLSv1.2,TLSv1.3 |
| 3.9 | TLSv1.2 |
| 4.0 | TLSv1.2,TLSv1.3 |
| 4.1 | TLSv1.2,TLSv1.3 |
| 4.2 | TLSv1.2,TLSv1.3 |
Manage Kafka configs across all your clusters with Conduktor Console — view, compare, and update configurations in one place.