SSL configuration should permit cipher suite selection

[godber]

Newer linux releases configure SSL to exclude older cipher suites by default. Like shown in this post here:

https://jonboulineau.me/blog/kafka/kafka-tls-issue

When debugging a kafka SSL connection using openssl s_client you will encounter the following error:

Verify return code: 68 (CA signature digest algorithm too weak)

Permitting specific cipher suites will allow users to work around this (for better or worse). At the very least, Teraslice users should be able to specify the cipher suites used in the kafka SSL connection. For kafkacat that is the command line argument -X ssl.cipher.suites=. See ssl.cipher.suites here: https://github.com/edenhill/librdkafka/blob/v1.5.2/CONFIGURATION.md

I think at the moment this would get configured on the connector config with all of the other SSL stuff.

[godber]

I forgot to add on my initial post here that this isn't urgent and the error linked to doesn't impact us yet because our base image doesn't impose this SSL cipher constraint yet.