hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gergely Pollak (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-15813) Enable more reliable SSL connection reuse
Date Tue, 02 Oct 2018 21:11:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-15813?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16636125#comment-16636125
] 

Gergely Pollak commented on HADOOP-15813:
-----------------------------------------

Hi, [~daryn] thank you for the patch. I'm aware this patch mainly focuses on the KMS load
issues, but for the sake of consistency shouldn't be the SSL Server Socket Factory cached
as well?

> Enable more reliable SSL connection reuse
> -----------------------------------------
>
>                 Key: HADOOP-15813
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15813
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: common
>    Affects Versions: 2.6.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Major
>         Attachments: HADOOP-15813.patch
>
>
> The java keep-alive cache relies on instance equivalence of the SSL socket factory. 
In many java versions, SSLContext#getSocketFactory always returns a new instance which completely
breaks the cache.  Clients flooding a service with lingering per-request connections that
can lead to port exhaustion.  The hadoop SSLFactory should cache the socket factory associated
with the context.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message