hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-9854) Log cipher suite negotiation more verbosely
Date Wed, 24 Feb 2016 20:21:18 GMT

     [ https://issues.apache.org/jira/browse/HDFS-9854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Chris Nauroth updated HDFS-9854:
--------------------------------
       Resolution: Fixed
     Hadoop Flags: Reviewed
    Fix Version/s: 2.8.0
           Status: Resolved  (was: Patch Available)

+1 for the patch.  I have committed this to trunk, branch-2 and branch-2.8.  [~jojochuang],
thank you for contributing the patch.

> Log cipher suite negotiation more verbosely
> -------------------------------------------
>
>                 Key: HDFS-9854
>                 URL: https://issues.apache.org/jira/browse/HDFS-9854
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>            Reporter: Wei-Chiu Chuang
>            Assignee: Wei-Chiu Chuang
>              Labels: encryption, supportability
>             Fix For: 2.8.0
>
>         Attachments: HADOOP-12816.001.patch
>
>
> We've had difficulty probing the root cause of performance slowdown with in-transit encryption
using AES-NI. We finally found the root cause was the Hadoop client did not configure encryption
properties correctly, so they did not negotiate AES cipher suite when creating an encrypted
stream pair, despite the server (a data node) supports it. Existing debug message did not
help. We saw debug message "Server using cipher suite AES/CTR/NoPadding" on the same data
node, but that refers to the communication with other data nodes.
> It would be really helpful to log a debug message if a SASL server configures AES cipher
suite, but the SASL client doesn't, or vice versa. This debug message should also log the
client address to differentiate it from other stream pairs. 
> More over, the debug message "Server using cipher suite AES/CTR/NoPadding" should also
be extended to include the client's address.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message