You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I use librdkafka as client lib to connect to docker kafka broker through tls connection. We need to support both IPv4 and IPv6. So the broker address was set to [ip]:port, like [10.4.1000.35]:9094. One problem I encountered was the tls handshake failed and the error returned from the server side was Illegal Parameter. A SNI=[10.4.1000.35] is carried with Client Hello message. After changing the address to 10.4.100.35:9094, tls connection was successful and no SNI in Client Hello.
I tried openssl command directly on the same system and can connect to the broker as well. No SNI in client hello message
openssl s_client -connect [10.4.100.35]:9094 -CApath ... -key ...
So not sure who populated SNI in the hello message, librdkafka or openssl? And how to set broker address if want to support both IPv4 and IPv6.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I use librdkafka as client lib to connect to docker kafka broker through tls connection. We need to support both IPv4 and IPv6. So the broker address was set to [ip]:port, like [10.4.1000.35]:9094. One problem I encountered was the tls handshake failed and the error returned from the server side was Illegal Parameter. A SNI=[10.4.1000.35] is carried with Client Hello message. After changing the address to 10.4.100.35:9094, tls connection was successful and no SNI in Client Hello.
I tried openssl command directly on the same system and can connect to the broker as well. No SNI in client hello message
openssl s_client -connect [10.4.100.35]:9094 -CApath ... -key ...
So not sure who populated SNI in the hello message, librdkafka or openssl? And how to set broker address if want to support both IPv4 and IPv6.
Beta Was this translation helpful? Give feedback.
All reactions