KIP-538 — Add a metric tracking the number of open connections with a given SSL cipher type
Accepted Kafka 2.5 MetricsSecurity
KIP-538 adds a per-listener JMX metric (`kafka.common.network:type=selector-metrics,cipher-suite=<suite>,protocol=<protocol>,name=connections`) counting the number of open SSL connections using each cipher suite and protocol version. Operators managing cipher security have no way to verify which cipher suites are actually in use because the information is only logged at DEBUG/TRACE level and not aggregated.
Details
| Author | Colin McCabe |
| Status | Accepted |
| Kafka Version | 2.5 |
| JIRA | KAFKA-9091 |
| Wiki | View on Apache Wiki |
| Created | 2019-10-16 |
| Last Modified | 2019-10-24 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.