[ https://issues.apache.org/jira/browse/HADOOP-13836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15702466#comment-15702466 ]

Arun Suresh commented on HADOOP-13836:
--------------------------------------

bq. wire encryption can only be good, though the cost of negotiating secure 
HTTPS connections can be high; I don't know if this proposal will have the same 
problem.
[~steve_l], from my initial glance at the patch, it looks like it is replacing 
the socket used for the RPC with an SSL Socket. In which case, it should be 
technically possible to replace the standard JSSE SSLEngine with OpenSSL's 
JNI-based codecs for improved performance (maybe as a later patch), like what 
Tomcat does.

[~kartheek], do you have some numbers that quantify the performance degradation?

> Securing Hadoop RPC using SSL
> -----------------------------
>
>                 Key: HADOOP-13836
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13836
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc
>            Reporter: kartheek muthyala
>         Attachments: HADOOP-13836.patch
>
>
> Today, RPC connections in Hadoop are encrypted using Simple Authentication & 
> Security Layer (SASL), with the Kerberos ticket based authentication or 
> Digest-md5 checksum based authentication protocols. This proposal is about 
> enhancing this cipher suite with SSL/TLS based encryption and authentication. 
> SSL/TLS is a proposed Internet Engineering Task Force (IETF) standard, that 
> provides data security and integrity across two different end points in a 
> network. This protocol has made its way to a number of applications such as 
> web browsing, email, internet faxing, messaging, VOIP etc. And supporting 
> this cipher suite at the core of Hadoop would give a good synergy with the 
> applications on top and also bolster industry adoption of Hadoop.
> The Server and Client code in Hadoop IPC should support the following modes 
> of communication
> 1. Plain
> 2. SASL encryption with an underlying authentication
> 3. SSL based encryption and authentication (x509 certificate)


