hadoop-hdfs-issues mailing list archives

From "Andrew Wang (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-6605) Client server negotiation of cipher suite
Date Wed, 02 Jul 2014 02:13:25 GMT

     [ https://issues.apache.org/jira/browse/HDFS-6605?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Andrew Wang updated HDFS-6605:

    Attachment: hdfs-6605.001.patch

Patch attached. Overall idea:

- Client provides an ordered list of CipherSuites that it likes, the NN chooses the highest priority one that it supports. If there are no valid CipherSuites provided, exception.
- I made the CipherSuite part of CryptoCodec, since that's how you configure which encryption algo to use right now. Since we only support one algo right now, I didn't bother adding NN-side configs for doing smarter validation.
- Added a List<CipherSuite> to the internal create() in ClientProtocol, nothing new exposed, had to mechanically update some unit tests.

> Client server negotiation of cipher suite
> -----------------------------------------
>                 Key: HDFS-6605
>                 URL: https://issues.apache.org/jira/browse/HDFS-6605
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
>            Reporter: Andrew Wang
>            Assignee: Andrew Wang
>         Attachments: hdfs-6605.001.patch
> For compatibility purposes, the client and server should negotiate what cipher suite to use based on their respective capabilities. This is also a way for the server to reject old clients that do not support encryption.

This message was sent by Atlassian JIRA
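
The negotiation rule described in this message, as an added sketch that is not the code in hdfs-6605.001.patch: the server walks the client's ordered list, returns the first suite it supports, and fails closed when nothing matches. The class, method and exception names are hypothetical and the suite names are constructed placeholders.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

public class CipherNegotiationExample {
    // Constructed placeholder suites, not Hadoop's real CipherSuite values.
    enum Suite { SUITE_A, SUITE_B, SUITE_C }

    static class NoCommonSuiteException extends Exception {
        NoCommonSuiteException(String msg) { super(msg); }
    }

    /**
     * The client's list is in priority order (most preferred first). Return
     * the first entry the server supports. A null or empty list (a client
     * that predates encryption) or a list with no overlap raises an
     * exception; there is no fallback to an unencrypted mode.
     */
    static Suite choose(List<Suite> clientOrdered, Set<Suite> serverSupported)
            throws NoCommonSuiteException {
        if (clientOrdered != null) {
            for (Suite s : clientOrdered) {
                if (serverSupported.contains(s)) {
                    return s;
                }
            }
        }
        throw new NoCommonSuiteException(
            "no supported cipher suite in client offer " + clientOrdered);
    }

    public static void main(String[] args) {
        Set<Suite> server = EnumSet.of(Suite.SUITE_A, Suite.SUITE_B);
        List<List<Suite>> offers = Arrays.asList(
            Arrays.asList(Suite.SUITE_C, Suite.SUITE_B, Suite.SUITE_A), // picks SUITE_B
            Arrays.asList(Suite.SUITE_C),                               // no overlap
            Collections.<Suite>emptyList());                            // old client
        for (List<Suite> offer : offers) {
            try {
                System.out.println(offer + " -> " + choose(offer, server));
            } catch (NoCommonSuiteException e) {
                System.out.println(offer + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```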
