OK, so openssl connects OK, which suggests kafka is correctly configured. Running out of ideas here. Searching throws up a number of other occurrences of this (e.g. this, this, and this).
Can you remove the non-SSL entry from advertised listeners?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.