You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Bryan Beaudreault (Jira)" <ji...@apache.org> on 2023/08/04 18:42:00 UTC

[jira] [Created] (HBASE-28008) Add support for tcnative

Bryan Beaudreault created HBASE-28008:
-----------------------------------------

             Summary: Add support for tcnative
                 Key: HBASE-28008
                 URL: https://issues.apache.org/jira/browse/HBASE-28008
             Project: HBase
          Issue Type: Improvement
            Reporter: Bryan Beaudreault


In investigating HBASE-27947, tcnative can make a big impact on throughput over built-in jdk SSL support. We need three things to make it work:
 # In X509Util, if Openssl.isAvailable() (meaning tcnative is on the classpath):
 ## Use SslProvider.OPENSSL_REFCNT
 ## Update default ciphers to remove CBC ciphers, which do not work with tcnative. We can either pull the ciphers from OpenSsl.availableJavaCipherSuites() or simply use the default GCM ciphers we already have defined.
 # Our netty is shaded, so one can't simply put the tcnative jar on the classpath. We might need to provide an hbase-shaded-netty-tcnative module which one can optionally include in their deployment. We will have to decide which of the many tcnative modules to provide a shaded version for.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)