When does a kafka-clients mTLS handshake happen during its life-cycle?
I'm using the Java library kafka-clients 3.0.0 since I have a K8s cluster with 3 brokers and I need to produce/consume on topics through microservices.
Both the Kafka brokers and clients have been correctly configured to authenticate clients through a mTLS protocol using a keystore and truststore. All the authentication and encryption communication works like a charm!
Here comes the issue: for security reasons, the client certificates get renewed each day, so each certificate expires in 24 hours. When a client certificate has expired, the client is still able to communicate regularly with the Kafka brokers, both producing and consuming. I suppose this happens since the mTLS handshake between clients and brokers happens just the first time, when the producer/consumer gets initialized, and then the same TCP channels are used to communicate.
Anyway, if it works like that, it seems to me to be a security issue. Does anybody know more about this kafka-clients behaviour? Is my hypothesis wrong? Is there a way to force the handshake after a while?
Thank you.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
