Mutual TLS
Mutual TLS (mTLS) is the default method used to authenticate client connections to Apache Kafka, Schema Registry and other platform components. It ensures that the parties on each side of the network connection are who they claim to be by verifying that they use the correct private key.
Broker
Axual Brokers are configured to use mTLS out of the box. Below you will find instructions on how to override the TLS protocols and cipher suites, should you need to do so.
Configuring TLS protocol versions or cipher suites
From |
If you still want to enable old TLS protocol versions, you can add them by setting the configuration shown below:
Discovery API
With Mutual TLS, the endpoints are secured and can be accessed when the client presents a certificate signed by a certificate authority trusted in the instance. This is disabled by default, but can be activated per cluster.
See the Deployment page for more information about the different service types, like cluster and instance services.
Configuring TLS protocol versions or cipher suites
From |
If you still want to enable old TLS protocol versions, you can add them by setting the configuration shown below:
Using Axual Helm Charts
Edit the values.yaml for your instance and add the following configuration:
platform:
  instance:
    discoveryapi:
      security:
        protocols: TLSv1.2,TLSv1.1,TLSv1
        # By default all Java 11 cipher suites are supported
        ciphers: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,...
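
The following is an added example, not part of the Axual documentation or charts: a small check that reviews the protocols and ciphers values above before they are deployed. It flags protocol versions deprecated by RFC 7568 and RFC 8996 and cipher suites without forward secrecy or AEAD. The function names are hypothetical, and the classification assumes the standard JSSE/IANA cipher suite naming.

```python
# Added example (not Axual code): audit the `protocols` and `ciphers` values from values.yaml.
DEPRECATED_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # RFC 7568, RFC 8996
WEAK_TOKENS = {"NULL", "EXPORT", "RC4", "DES", "DES40", "3DES", "MD5", "anon"}
AEAD_TOKENS = {"GCM", "CCM", "POLY1305"}


def split_setting(value):
    """Split a comma-separated setting; skip blanks and a '...' elision."""
    items = (item.strip() for item in value.split(","))
    return [item for item in items if item and item != "..."]


def audit_protocols(value):
    """Return the deprecated protocol versions named in the setting."""
    return [p for p in split_setting(value) if p in DEPRECATED_PROTOCOLS]


def audit_cipher(suite):
    """Return findings for one cipher suite name; an empty list means none."""
    tokens = suite.split("_")
    findings = []
    # TLS 1.2-style names put the key exchange before _WITH_; TLS 1.3 names
    # (e.g. TLS_AES_256_GCM_SHA384) have no _WITH_ and always use (EC)DHE.
    if "WITH" in tokens[2:] and tokens[1] not in ("ECDHE", "DHE"):
        findings.append("no forward secrecy")
    if not AEAD_TOKENS & set(tokens):
        findings.append("not AEAD")
    weak = sorted(WEAK_TOKENS & set(tokens))
    if weak:
        findings.append("weak primitive: " + ",".join(weak))
    return findings


def audit_ciphers(value):
    """Map each flagged cipher suite in the setting to its findings."""
    report = {s: audit_cipher(s) for s in split_setting(value)}
    return {s: f for s, f in report.items() if f}


if __name__ == "__main__":
    # Values as they appear in the configuration above.
    print(audit_protocols("TLSv1.2,TLSv1.1,TLSv1"))
    print(audit_ciphers("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
                        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,..."))
    # Constructed sample: a CBC suite with static RSA key exchange.
    print(audit_ciphers("TLS_RSA_WITH_AES_128_CBC_SHA"))
```

A non-empty result from audit_protocols means the setting re-enables a protocol version that current guidance tells servers not to negotiate, so the override should be limited to the clients that still need it.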