Cpp VPC-SSL demo keeps reporting SSL errors #70
Comments
I have this problem too, did you solve it?
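I tested SSL with openssl's s_client command, using the certificate from the demo to connect to my Kafka broker, and found that the SSL handshake fails because my openssl was compiled with a default TLS security level of 2 (not especially high), while the key in this certificate is only 1024 bits long and the encryption algorithm is sha1 (which long ago stopped meeting today's security needs). This 1024-bit key + sha1 algorithm does not meet the requirements of openssl TLS security level 2, so the handshake fails. If you really must use Alibaba's certificate, you have to recompile openssl in the runtime environment and choose the lowest TLS security level (https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html). But honestly, with a security level that low, SSL becomes pretty pointless.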
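
The threshold check that comment describes, as an added example (not code from the demo repository or from OpenSSL): it reads `openssl x509 -noout -text` output and reports the highest security level an RSA certificate satisfies, using the key-size limits from the linked manual page. The sample text is constructed, and rating a digest at half its output length is an assumption of this sketch.

```python
import re

# (level, minimum security bits, minimum RSA key bits), taken from the
# SSL_CTX_set_security_level manual page for OpenSSL 1.1.1.
LEVELS = [(1, 80, 1024), (2, 112, 2048), (3, 128, 3072),
          (4, 192, 7680), (5, 256, 15360)]
# Assumption of this sketch: a digest is rated at half its output length.
DIGEST_BITS = {"md5": 64, "sha1": 80, "sha224": 112,
               "sha256": 128, "sha384": 192, "sha512": 256}

# Constructed sample shaped like `openssl x509 -noout -text` output.
SAMPLE_WEAK = """\
Certificate:
    Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
"""

def parse_cert_text(text):
    """Return (rsa_key_bits, digest_name) parsed from x509 -text output."""
    key = re.search(r"Public-Key: \((\d+) bit\)", text)
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    if not key or not sig or "rsaEncryption" not in text:
        raise ValueError("expected x509 -text output for an RSA certificate")
    digest = re.search(r"md5|sha1|sha224|sha256|sha384|sha512", sig.group(1).lower())
    if not digest:
        raise ValueError("unsupported signature algorithm: " + sig.group(1))
    return int(key.group(1)), digest.group(0)

def max_security_level(key_bits, digest):
    """Highest level whose key and digest thresholds are both met; 0 if none."""
    met = [lvl for lvl, sec, min_key in LEVELS
           if key_bits >= min_key and DIGEST_BITS[digest] >= sec]
    return max(met, default=0)

def check(text, required_level=2):
    """Return (max level, reasons the certificate misses required_level)."""
    key_bits, digest = parse_cert_text(text)
    _, sec, min_key = LEVELS[required_level - 1]
    reasons = []
    if key_bits < min_key:
        reasons.append(f"RSA key {key_bits} bits < {min_key}")
    if DIGEST_BITS[digest] < sec:
        reasons.append(f"{digest} rated {DIGEST_BITS[digest]} bits < {sec}")
    return max_security_level(key_bits, digest), reasons

if __name__ == "__main__":
    print(check(SAMPLE_WEAK))
```
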
The one used is ca-cert.pem, placed in the same directory as the program being run.
%3|1649398843.295|FAIL|rdkafka#producer-1| [thrd:sasl_ssl://alikafka-pre-cn-7mz2lwrke00l-3.alikafka.aliyuncs.com]: sasl_ssl://alikafka-pre-cn-7mz2lwrke00l-3.alikafka.aliyuncs.com:9093/bootstrap: SSL handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed: broker certificate could not be verified, verify that ssl.ca.location is correctly configured or root CA certificates are installed (install ca-certificates package) (after 102ms in state CONNECT)
%3|1649398844.323|FAIL|rdkafka#producer-1| [thrd:sasl_ssl://alikafka-pre-cn-7mz2lwrke00l-2.alikafka.aliyuncs.com]: sasl_ssl://alikafka-pre-cn-7mz2lwrke00l-2.alikafka.aliyuncs.com:9093/bootstrap: SSL handshake failed: error:1416F086:SSL