You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Sahil Takiar (JIRA)" <ji...@apache.org> on 2019/06/13 19:44:00 UTC
[jira] [Commented] (HADOOP-16371) Option to disable GCM for SSL
connections when running on Java 8
[ https://issues.apache.org/jira/browse/HADOOP-16371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16863400#comment-16863400 ]
Sahil Takiar commented on HADOOP-16371:
---------------------------------------
I'm thinking we can use most of the changes from HADOOP-16050, but do some refactoring so that Wildfly-OpenSSL is an option for ABFS, but not S3A. I think it should be okay to disable GCM by default, but there should be an option to add it back in (e.g. the S3A default is {{DEFAULT_JSSE_NO_GCM}} and the option {{DEFAULT_JSSE}} is just vanilla JSSE with all the default ciphers enabled).
> Option to disable GCM for SSL connections when running on Java 8
> ----------------------------------------------------------------
>
> Key: HADOOP-16371
> URL: https://issues.apache.org/jira/browse/HADOOP-16371
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Reporter: Sahil Takiar
> Assignee: Sahil Takiar
> Priority: Major
>
> This was the original objective of HADOOP-16050. HADOOP-16050 was changed to mimic HADOOP-15669 and added (or attempted to add) support for Wildfly-OpenSSL in S3A.
> Due to the number of issues have seen with S3A + WildFly OpenSSL (see HADOOP-16346), HADOOP-16050 was reverted.
> As shown in the description of HADOOP-16050, and the analysis done in HADOOP-15669, GCM has major performance issues when running on Java 8. Removing it from the list of available ciphers can drastically improve performance, perhaps not as much as using OpenSSL, but still a considerable amount.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org