CPS-2179 Secure Kafka Messages

Description

Use SSL Bundles in Kafka Config (methods without SSL have been deprecated) 

See

https://docs.spring.io/spring-boot/docs/current/api/org/springframework/boot/autoconfigure/kafka/KafkaProperties.html#buildConsumerProperties(org.springframework.boot.ssl.SslBundles)

and 

Securing Spring Boot Applications With SSL Bundles | Baeldung  

 

What is SSL?

SSL is a standard technology for securing a connection between a server and a client.

Secure Sockets Layer (SSL) certificates, sometimes called digital certificates, are used to establish an encrypted connection between a browser or user’s computer and a server or website.

The Handshake Protocol is used to establish sessions. It allows the client and server to authenticate each other by exchanging a series of messages, and it completes its cycle in four phases.

 

[Figure: SSL handshake diagram (SSLHandshakeDiagByakhilabhilash01.png)]

SSL Bundles

An SSL bundle typically refers to a collection of certificates.

The main difference is that an SSL certificate is the singular certificate for a domain, while an SSL bundle contains multiple certificates necessary for complete validation and trust establishment.

The bundle can include the SSL certificate, intermediate certificates, and a root certificate, creating a trust chain to the server. Thus, an SSL bundle encapsulates all the trust material and configuration settings, such as keystores, certificates, and private keys, into a single, easily manageable unit.
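
The following is an added example, not code from this ticket or from Spring Boot itself. It shows one way to build the Kafka consumer and producer properties through the SslBundles overloads and to fail at startup if the client would not use TLS. The bundle name kafka-client, the file paths, the environment variable names and the requireTls helper are assumptions made for illustration.

```java
// Assumed application.yml (bundle name, paths and env vars are placeholders):
//   spring:
//     ssl:
//       bundle:
//         jks:
//           kafka-client:                       # hypothetical bundle name
//             keystore:
//               location: file:/etc/app/kafka-client.p12
//               password: ${KAFKA_KEYSTORE_PASSWORD}
//             truststore:
//               location: file:/etc/app/kafka-truststore.p12
//               password: ${KAFKA_TRUSTSTORE_PASSWORD}
//     kafka:
//       security:
//         protocol: SSL
//       ssl:
//         bundle: kafka-client                  # must match the bundle name above

import java.util.Map;
import org.apache.kafka.clients.CommonClientConfigs;
import org.springframework.boot.autoconfigure.kafka.KafkaProperties;
import org.springframework.boot.ssl.SslBundles;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.kafka.core.*;

@Configuration
public class SecureKafkaConfig {

    @Bean
    public ConsumerFactory<String, String> consumerFactory(KafkaProperties kafka, SslBundles bundles) {
        return new DefaultKafkaConsumerFactory<>(requireTls(kafka.buildConsumerProperties(bundles)));
    }

    @Bean
    public ProducerFactory<String, String> producerFactory(KafkaProperties kafka, SslBundles bundles) {
        return new DefaultKafkaProducerFactory<>(requireTls(kafka.buildProducerProperties(bundles)));
    }

    // Kafka's default security.protocol is PLAINTEXT, in which case ssl.* settings are ignored.
    private static Map<String, Object> requireTls(Map<String, Object> props) {
        String protocol = String.valueOf(props.get(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG));
        if (!protocol.equals("SSL") && !protocol.equals("SASL_SSL")) {
            throw new IllegalStateException("Kafka client not using TLS, security.protocol=" + protocol);
        }
        return props;
    }
}
```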