ssl.protocol — Kafka Broker Configuration
The SSL protocol used to generate the SSLContext. The default is 'TLSv1.
Description
The SSL protocol used to generate the SSLContext. The default is 'TLSv1.3' when running with Java 11 or newer, 'TLSv1.2' otherwise. This value should be fine for most use cases. Allowed values in recent JVMs are 'TLSv1.2' and 'TLSv1.3'. 'TLS', 'TLSv1.1', 'SSL', 'SSLv2' and 'SSLv3' may be supported in older JVMs, but their usage is discouraged due to known security vulnerabilities. With the default value for this config and 'ssl.enabled.protocols', clients will downgrade to 'TLSv1.2' if the server does not support 'TLSv1.3'. If this config is set to 'TLSv1.2', clients will not use 'TLSv1.3' even if it is one of the values in ssl.enabled.protocols and the server only supports 'TLSv1.3'.
Default Values by Kafka Version
| Kafka Version | Default Value |
|---|---|
| 0.9.0 | TLS |
| 0.10.0 | TLS |
| 0.10.1 | TLS |
| 0.10.2 | TLS |
| 0.11.0 | TLS |
| 1.0 | TLS |
| 1.1 | TLS |
| 2.0 | TLS |
| 2.1 | TLS |
| 2.2 | TLS |
| 2.3 | TLS |
| 2.4 | TLS |
| 2.5 | TLSv1.2 |
| 2.6 | TLSv1.2 |
| 2.7 | TLSv1.2 |
| 2.8 | TLSv1.2 |
| 3.0 | TLSv1.2 |
| 3.1 | TLSv1.3 |
| 3.2 | TLSv1.2 |
| 3.3 | TLSv1.3 |
| 3.4 | TLSv1.2 |
| 3.5 | TLSv1.3 |
| 3.6 | TLSv1.3 |
| 3.7 | TLSv1.3 |
| 3.8 | TLSv1.3 |
| 3.9 | TLSv1.2 |
| 4.0 | TLSv1.3 |
| 4.1 | TLSv1.3 |
| 4.2 | TLSv1.3 |