Warning about ssl.PROTOCOL_TLS deprecation. #2682
Description
(Not my area of expertise, and apologize if this is already known/being worked on. I did a little searching across the project issues for "PROTOCOL_TLS" and didn't see anything.)
When using Kafka Python 2.2.15 running in a Python 3.13.7 environment, I'm seeing deprecation warnings like this:
DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
self._ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) # pylint: disable=no-member
Triggering line from the stack trace is kafka/conn.py:486.
Invoking code is something like this:
kp = KafkaProducer(
[ ... ]
security_protocol="SASL_SSL",
[ ... ]
)From looking at some other Kafka-related projects, it looks like the warning is related to this deprecation: https://docs.python.org/3/library/ssl.html#ssl.PROTOCOL_TLS.
As near as I can tell:
- Setting security protocol to "SASL_SSL" in the client KafkaProducer code
- Causes Kafka Python to set "ssl.PROTOCOL_SSLv23" as part of the SSL context in conn.py
- "PROTOCOL_SSLv23" is (in recent Pythons) an alias to "PROTOCOL_TLS"
- Which then triggers the deprecation warning in Pythons later than 3.10.
From the Python docs, looks like switching to "PROTOCOL_TLS_CLIENT"/"PROTOCOL_TLS_SERVER" will remediate the warning, but I am absolutely NOT any kind of expert on SSL/TLS, so I don't know if there could be further ramifications to that change that would require other changes.