[
https://issues.apache.org/jira/browse/HADOOP-12816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Wei-Chiu Chuang updated HADOOP-12816:
-------------------------------------
Summary: Log peer's address if the peer does not negotiate AES cipher codec
(was: Log peer's address if the pree does not negotiate AES cipher codec)
> Log peer's address if the peer does not negotiate AES cipher codec
> ------------------------------------------------------------------
>
> Key: HADOOP-12816
> URL: https://issues.apache.org/jira/browse/HADOOP-12816
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Wei-Chiu Chuang
> Assignee: Wei-Chiu Chuang
> Labels: encryption, supportability
>
> We've had difficulty probing the root cause of performance slowdown with
> in-transit encryption using AES-NI. We finally found the root cause was the
> Hadoop client did not configure encryption properties correctly, so they did
> not negotiate AES cipher suite when creating an encrypted stream pair,
> despite the server (a data node) supports it. Existing debug message did not
> help. We saw debug message "Server using cipher suite AES/CTR/NoPadding" on
> the same data node, but that refers to the communication with other data
> nodes.
> It would be really helpful to log a debug message if a SASL server configures
> AES cipher suite, but the SASL client doesn't, or vice versa. This debug
> message should also log the client address to differentiate it from other
> stream pairs.
> More over, the debug message "Server using cipher suite AES/CTR/NoPadding"
> should also be extended to include the client's address.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
