Return-Path: X-Original-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5C6C918F89 for ; Wed, 24 Feb 2016 20:21:19 +0000 (UTC) Received: (qmail 20729 invoked by uid 500); 24 Feb 2016 20:21:18 -0000 Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org Received: (qmail 20334 invoked by uid 500); 24 Feb 2016 20:21:18 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-issues@hadoop.apache.org Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 20291 invoked by uid 99); 24 Feb 2016 20:21:18 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Feb 2016 20:21:18 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 4C66D2C1F6B for ; Wed, 24 Feb 2016 20:21:18 +0000 (UTC) Date: Wed, 24 Feb 2016 20:21:18 +0000 (UTC) From: "Chris Nauroth (JIRA)" To: hdfs-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HDFS-9854) Log cipher suite negotiation more verbosely MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HDFS-9854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Chris Nauroth updated HDFS-9854: -------------------------------- Resolution: Fixed Hadoop Flags: Reviewed Fix Version/s: 2.8.0 Status: Resolved (was: Patch Available) +1 for the patch. I have committed this to trunk, branch-2 and branch-2.8. [~jojochuang], thank you for contributing the patch. > Log cipher suite negotiation more verbosely > ------------------------------------------- > > Key: HDFS-9854 > URL: https://issues.apache.org/jira/browse/HDFS-9854 > Project: Hadoop HDFS > Issue Type: Improvement > Reporter: Wei-Chiu Chuang > Assignee: Wei-Chiu Chuang > Labels: encryption, supportability > Fix For: 2.8.0 > > Attachments: HADOOP-12816.001.patch > > > We've had difficulty probing the root cause of performance slowdown with in-transit encryption using AES-NI. We finally found the root cause was the Hadoop client did not configure encryption properties correctly, so they did not negotiate AES cipher suite when creating an encrypted stream pair, despite the server (a data node) supports it. Existing debug message did not help. We saw debug message "Server using cipher suite AES/CTR/NoPadding" on the same data node, but that refers to the communication with other data nodes. > It would be really helpful to log a debug message if a SASL server configures AES cipher suite, but the SASL client doesn't, or vice versa. This debug message should also log the client address to differentiate it from other stream pairs. > More over, the debug message "Server using cipher suite AES/CTR/NoPadding" should also be extended to include the client's address. -- This message was sent by Atlassian JIRA (v6.3.4#6332)