You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@kudu.apache.org by "Alexey Serbin (Code Review)" <ge...@cloudera.org> on 2021/03/18 02:01:11 UTC
[kudu-CR] [security] turn off TLS session cache
Alexey Serbin has uploaded this change for review. ( http://gerrit.cloudera.org:8080/17197
Change subject: [security] turn off TLS session cache
......................................................................
[security] turn off TLS session cache
As of now, a Kudu RPC connection cannot be re-established based on TLS
session. Every connection attempt leads to negotiating a new connection
from scratch since the client should have been calling SSL_set_session()
explicitly to use a TLS session to re-establish previously used
connection. Disabling the TLS session cache on both sides helps to
spare a bit of memory and CPU needed to maintain the cache otherwise.
Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
---
M src/kudu/security/tls_context.cc
1 file changed, 9 insertions(+), 0 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/97/17197/1
--
To view, visit http://gerrit.cloudera.org:8080/17197
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Gerrit-Change-Number: 17197
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
[kudu-CR] [security] turn off TLS session cache
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/17197 )
Change subject: [security] turn off TLS session cache
......................................................................
[security] turn off TLS session cache
As of now, a Kudu RPC connection cannot be re-established based on TLS
session. Every connection attempt leads to negotiating a new connection
from scratch since the client should have been calling SSL_set_session()
explicitly to use a TLS session to re-establish previously used
connection. Disabling the TLS session cache on both sides helps to
spare a bit of memory and CPU needed to maintain the cache otherwise.
Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Reviewed-on: http://gerrit.cloudera.org:8080/17197
Tested-by: Alexey Serbin <as...@cloudera.com>
Reviewed-by: Grant Henke <gr...@apache.org>
Reviewed-by: Attila Bukor <ab...@apache.org>
---
M src/kudu/security/tls_context.cc
1 file changed, 9 insertions(+), 0 deletions(-)
Approvals:
Alexey Serbin: Verified
Grant Henke: Looks good to me, but someone else must approve
Attila Bukor: Looks good to me, approved
--
To view, visit http://gerrit.cloudera.org:8080/17197
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Gerrit-Change-Number: 17197
Gerrit-PatchSet: 2
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Grant Henke <gr...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)
[kudu-CR] [security] turn off TLS session cache
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has removed a vote on this change.
Change subject: [security] turn off TLS session cache
......................................................................
Removed Verified-1 by Kudu Jenkins (120)
--
To view, visit http://gerrit.cloudera.org:8080/17197
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: deleteVote
Gerrit-Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Gerrit-Change-Number: 17197
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)
[kudu-CR] [security] turn off TLS session cache
Posted by "Attila Bukor (Code Review)" <ge...@cloudera.org>.
Attila Bukor has posted comments on this change. ( http://gerrit.cloudera.org:8080/17197 )
Change subject: [security] turn off TLS session cache
......................................................................
Patch Set 1: Code-Review+2
--
To view, visit http://gerrit.cloudera.org:8080/17197
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Gerrit-Change-Number: 17197
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Grant Henke <gr...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Thu, 18 Mar 2021 15:09:06 +0000
Gerrit-HasComments: No
[kudu-CR] [security] turn off TLS session cache
Posted by "Alexey Serbin (Code Review)" <ge...@cloudera.org>.
Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/17197 )
Change subject: [security] turn off TLS session cache
......................................................................
Patch Set 1: Verified+1
unrelated test failures
--
To view, visit http://gerrit.cloudera.org:8080/17197
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Gerrit-Change-Number: 17197
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Thu, 18 Mar 2021 03:15:41 +0000
Gerrit-HasComments: No
[kudu-CR] [security] turn off TLS session cache
Posted by "Grant Henke (Code Review)" <ge...@cloudera.org>.
Grant Henke has posted comments on this change. ( http://gerrit.cloudera.org:8080/17197 )
Change subject: [security] turn off TLS session cache
......................................................................
Patch Set 1: Code-Review+1
--
To view, visit http://gerrit.cloudera.org:8080/17197
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I471b2c9dd3a406bb3604d86d28b5977289af2b09
Gerrit-Change-Number: 17197
Gerrit-PatchSet: 1
Gerrit-Owner: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <as...@cloudera.com>
Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com>
Gerrit-Reviewer: Attila Bukor <ab...@apache.org>
Gerrit-Reviewer: Grant Henke <gr...@apache.org>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Thu, 18 Mar 2021 13:45:20 +0000
Gerrit-HasComments: No