Posted to reviews@kudu.apache.org by "Alexey Serbin (Code Review)" <ge...@cloudera.org> on 2021/03/18 02:01:11 UTC

[kudu-CR] [security] turn off TLS session cache

Alexey Serbin has uploaded this change for review. ( http://gerrit.cloudera.org:8080/17197 )


Change subject: [security] turn off TLS session cache
......................................................................

[security] turn off TLS session cache

As of now, a Kudu RPC connection cannot be re-established based on TLS
session.  Every connection attempt leads to negotiating a new connection
from scratch since the client should have been calling SSL_set_session()
explicitly to use a TLS session to re-establish previously used
connection.  Disabling the TLS session cache on both sides helps to
spare a bit of memory and CPU needed to maintain the cache otherwise.

Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
---
M src/kudu/security/tls_context.cc
1 file changed, 9 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/97/17197/1
-- 
To view, visit http://gerrit.cloudera.org:8080/17197
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Gerrit-Change-Number: 17197
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
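
Added illustration, not part of the Kudu change or of this thread: the commit message's point that a TLS session is reused only when the client explicitly offers it, shown with Go's crypto/tls instead of OpenSSL so that it runs self-contained. Assumptions: `secondResumed` and the name `rpc.example` are made up; `ClientSessionCache` plays the role of the client's `SSL_set_session()` call, and `SessionTicketsDisabled` stands in for turning resumption off on the server (Go servers resume via tickets only).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// secondResumed does two TLS 1.2 handshakes in memory; true if the second resumed the first.
func secondResumed(clientKeepsSessions, serverIssuesTickets bool) (resumed bool) {
	// Constructed throwaway self-signed certificate for the made-up name "rpc.example".
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"rpc.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	srv := &tls.Config{MaxVersion: tls.VersionTLS12, SessionTicketsDisabled: !serverIssuesTickets,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	cli := &tls.Config{MaxVersion: tls.VersionTLS12, ServerName: "rpc.example", RootCAs: roots}
	if clientKeepsSessions { // opt in, the role SSL_set_session() plays for an OpenSSL client
		cli.ClientSessionCache = tls.NewLRUClientSessionCache(4)
	}
	for i := 0; i < 2; i++ {
		c, s := net.Pipe()
		done := make(chan error, 1)
		go func() { done <- tls.Server(s, srv).Handshake() }()
		conn := tls.Client(c, cli)
		if err := conn.Handshake(); err != nil {
			panic(err)
		}
		<-done
		resumed = conn.ConnectionState().DidResume
		c.Close()
	}
	return resumed
}

func main() { fmt.Println(secondResumed(false, true), secondResumed(true, true), secondResumed(true, false)) }
```

The first case is the situation the commit message describes: the server is willing to resume, but a client that never presents a saved session always gets a full handshake, so the state the server keeps for resumption is never used.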

[kudu-CR] [security] turn off TLS session cache

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/17197 )

Change subject: [security] turn off TLS session cache
......................................................................

[security] turn off TLS session cache

As of now, a Kudu RPC connection cannot be re-established based on TLS
session.  Every connection attempt leads to negotiating a new connection
from scratch since the client should have been calling SSL_set_session()
explicitly to use a TLS session to re-establish previously used
connection.  Disabling the TLS session cache on both sides helps to
spare a bit of memory and CPU needed to maintain the cache otherwise.

Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Reviewed-on: http://gerrit.cloudera.org:8080/17197
Tested-by: Alexey Serbin <as...@cloudera.com>
Reviewed-by: Grant Henke <gr...@apache.org>
Reviewed-by: Attila Bukor <ab...@apache.org>
---
M src/kudu/security/tls_context.cc
1 file changed, 9 insertions(+), 0 deletions(-)

Approvals:
  Alexey Serbin: Verified
  Grant Henke: Looks good to me, but someone else must approve
  Attila Bukor: Looks good to me, approved

-- 

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Gerrit-Change-Number: 17197
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Grant Henke <gr...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] [security] turn off TLS session cache

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has removed a vote on this change.

Change subject: [security] turn off TLS session cache
......................................................................


Removed Verified-1 by Kudu Jenkins (120)
-- 

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: deleteVote
Gerrit-Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Gerrit-Change-Number: 17197
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)

[kudu-CR] [security] turn off TLS session cache

Posted by "Attila Bukor (Code Review)" <ge...@cloudera.org>.
Attila Bukor has posted comments on this change. ( http://gerrit.cloudera.org:8080/17197 )

Change subject: [security] turn off TLS session cache
......................................................................


Patch Set 1: Code-Review+2


-- 

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Gerrit-Change-Number: 17197
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Grant Henke <gr...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Thu, 18 Mar 2021 15:09:06 +0000
Gerrit-HasComments: No

[kudu-CR] [security] turn off TLS session cache

Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/17197 )

Change subject: [security] turn off TLS session cache
......................................................................


Patch Set 1: Verified+1

unrelated test failures


-- 

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Gerrit-Change-Number: 17197
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Thu, 18 Mar 2021 03:15:41 +0000
Gerrit-HasComments: No

[kudu-CR] [security] turn off TLS session cache

Posted by "Grant Henke (Code Review)" <ge...@cloudera.org>.
Grant Henke has posted comments on this change. ( http://gerrit.cloudera.org:8080/17197 )

Change subject: [security] turn off TLS session cache
......................................................................


Patch Set 1: Code-Review+1


-- 

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Gerrit-Change-Number: 17197
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Grant Henke <gr...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Thu, 18 Mar 2021 13:45:20 +0000
Gerrit-HasComments: No