diff --git a/bitnami/kafka/3.5/debian-11/Dockerfile b/bitnami/kafka/3.5/debian-11/Dockerfile
index ede62f8d1a47..683f06b5d67c 100644
--- a/bitnami/kafka/3.5/debian-11/Dockerfile
+++ b/bitnami/kafka/3.5/debian-11/Dockerfile
@@ -8,10 +8,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2023-08-17T19:17:54Z" \
+      org.opencontainers.image.created="2023-08-19T19:36:39Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="3.5.1-debian-11-r24" \
+      org.opencontainers.image.ref.name="3.5.1-debian-11-r25" \
       org.opencontainers.image.title="kafka" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="3.5.1"
@@ -27,10 +27,10 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN install_packages ca-certificates curl procps zlib1g
 RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
     COMPONENTS=( \
-      "wait-for-port-1.0.6-11-linux-${OS_ARCH}-debian-11" \
-      "java-17.0.8-7-2-linux-${OS_ARCH}-debian-11" \
-      "render-template-1.0.5-10-linux-${OS_ARCH}-debian-11" \
-      "kafka-3.5.1-1-linux-${OS_ARCH}-debian-11" \
+      "wait-for-port-1.0.6-12-linux-${OS_ARCH}-debian-11" \
+      "java-17.0.8-7-3-linux-${OS_ARCH}-debian-11" \
+      "render-template-1.0.5-12-linux-${OS_ARCH}-debian-11" \
+      "kafka-3.5.1-2-linux-${OS_ARCH}-debian-11" \
     ) && \
     for COMPONENT in "${COMPONENTS[@]}"; do \
       if [ ! -f "${COMPONENT}.tar.gz" ]; then \
diff --git a/bitnami/kafka/3.5/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/kafka/3.5/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
index 5e150f582c9e..e89b110bc32f 100644
--- a/bitnami/kafka/3.5/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
+++ b/bitnami/kafka/3.5/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
@@ -3,24 +3,24 @@
         "arch": "amd64",
         "distro": "debian-11",
         "type": "NAMI",
-        "version": "17.0.8-7-2"
+        "version": "17.0.8-7-3"
     },
     "kafka": {
         "arch": "amd64",
         "distro": "debian-11",
         "type": "NAMI",
-        "version": "3.5.1-1"
+        "version": "3.5.1-2"
     },
     "render-template": {
         "arch": "amd64",
         "distro": "debian-11",
         "type": "NAMI",
-        "version": "1.0.5-10"
+        "version": "1.0.5-12"
     },
     "wait-for-port": {
         "arch": "amd64",
         "distro": "debian-11",
         "type": "NAMI",
-        "version": "1.0.6-11"
+        "version": "1.0.6-12"
     }
 }
\ No newline at end of file
diff --git a/bitnami/kafka/3.5/debian-11/rootfs/opt/bitnami/scripts/kafka-env.sh b/bitnami/kafka/3.5/debian-11/rootfs/opt/bitnami/scripts/kafka-env.sh
index 5a0a8fb6b456..0984b805343a 100644
--- a/bitnami/kafka/3.5/debian-11/rootfs/opt/bitnami/scripts/kafka-env.sh
+++ b/bitnami/kafka/3.5/debian-11/rootfs/opt/bitnami/scripts/kafka-env.sh
@@ -32,8 +32,6 @@ kafka_env_vars=(
     KAFKA_TLS_TRUSTSTORE_FILE
     KAFKA_TLS_TYPE
     KAFKA_TLS_CLIENT_AUTH
-    KAFKA_TLS_INTER_BROKER_AUTH
-    KAFKA_TLS_CONTROLLER_AUTH
     KAFKA_OPTS
     KAFKA_CFG_SASL_ENABLED_MECHANISMS
     KAFKA_KRAFT_CLUSTER_ID
@@ -90,8 +88,6 @@ export KAFKA_CERTIFICATE_PASSWORD="${KAFKA_CERTIFICATE_PASSWORD:-}"
 export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_TLS_TRUSTSTORE_FILE:-}"
 export KAFKA_TLS_TYPE="${KAFKA_TLS_TYPE:-JKS}"
 export KAFKA_TLS_CLIENT_AUTH="${KAFKA_TLS_CLIENT_AUTH:-required}"
-export KAFKA_TLS_INTER_BROKER_AUTH="${KAFKA_TLS_INTER_BROKER_AUTH:-$KAFKA_TLS_CLIENT_AUTH}"
-export KAFKA_TLS_CONTROLLER_AUTH="${KAFKA_TLS_CONTROLLER_AUTH:-$KAFKA_TLS_CLIENT_AUTH}"
 export KAFKA_OPTS="${KAFKA_OPTS:-}"
 
 # Kafka configuration overrides
diff --git a/bitnami/kafka/3.5/debian-11/rootfs/opt/bitnami/scripts/libkafka.sh b/bitnami/kafka/3.5/debian-11/rootfs/opt/bitnami/scripts/libkafka.sh
index 51923d6608cb..58c804901e3c 100644
--- a/bitnami/kafka/3.5/debian-11/rootfs/opt/bitnami/scripts/libkafka.sh
+++ b/bitnami/kafka/3.5/debian-11/rootfs/opt/bitnami/scripts/libkafka.sh
@@ -711,6 +711,7 @@ kafka_configure_ssl() {
         kafka_server_conf_set "${1:?missing key}" "${2:?missing value}"
         kafka_producer_consumer_conf_set "${1:?missing key}" "${2:?missing value}"
     }
+    kafka_server_conf_set "ssl.client.auth" "${KAFKA_TLS_CLIENT_AUTH}"
     configure_both ssl.keystore.type "${KAFKA_TLS_TYPE}"
     configure_both ssl.truststore.type "${KAFKA_TLS_TYPE}"
     local -r kafka_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_TLS_TRUSTSTORE_FILE}")"
@@ -978,7 +979,9 @@ kafka_initialize() {
             listener_lower="$(echo "$listener" | tr '[:upper:]' '[:lower:]')"
 
             if [[ "$protocol" = "SSL" || "$protocol" = "SASL_SSL" ]]; then
-                kafka_server_conf_set "listener.name.${listener_lower}.ssl.client.auth" "$KAFKA_TLS_INTER_BROKER_AUTH"
+                listener_upper="$(echo "$listener" | tr '[:lower:]' '[:upper:]')"
+                env_name="KAFKA_TLS_${listener_upper}_CLIENT_AUTH"
+                [[ -n "${!env_name:-}" ]] && kafka_server_conf_set "listener.name.${listener_lower}.ssl.client.auth" "${!env_name}"
             fi
             if [[ "$protocol" = "SASL_PLAINTEXT" || "$protocol" = "SASL_SSL" ]]; then
                 local role=""