ssl.engine.factory.class — Kafka Broker Configuration
The class of type org.apache.
Description
The class of type org.apache.kafka.common.security.auth.SslEngineFactory to provide SSLEngine objects. Default value is org.apache.kafka.common.security.ssl.DefaultSslEngineFactory. Alternatively, setting this to org.apache.kafka.common.security.ssl.CommonNameLoggingSslEngineFactory will log the common name of expired SSL certificates used by clients to authenticate at any of the brokers with log level INFO. Note that this will cause a tiny delay during establishment of new connections from mTLS clients to brokers due to the extra code for examining the certificate chain provided by the client. Note further that the implementation uses a custom truststore based on the standard Java truststore and thus might be considered a security risk due to not being as mature as the standard one.
Default Values by Kafka Version
| Kafka Version | Default Value |
|---|---|
| 2.6 | null |
| 2.7 | null |
| 2.8 | null |
| 3.0 | null |
| 3.1 | null |
| 3.2 | null |
| 3.3 | null |
| 3.4 | null |
| 3.5 | null |
| 3.6 | null |
| 3.7 | null |
| 3.8 | null |
| 3.9 | null |
| 4.0 | null |
| 4.1 | null |
| 4.2 | null |