[jira] [Commented] (HADOOP-13836) Securing Hadoop RPC using SSL

Tue, 29 Nov 2016 08:05:08 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-13836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15705693#comment-15705693
 ] 

kartheek muthyala commented on HADOOP-13836:
--------------------------------------------

[~antkou], 

I liked your suggestion of using "hadoop.rpc.socket.factory.class.default" to 
specify our own SSLSocketFactory class on the Client side. For this I just have 
to move the existing SSL socket creation related changes from Client.java to a 
separate file. Will consider this in my next patch.

We have considered org.apache.hadoop.security.ssl.SSLFactory for creating 
SSLEngine on Server. But it doesn't has  SSLSocketChannel on top of SSLEngine, 
like niossl library does. Having this support would make us stick to the 
existing SocketChannel Server design. 



> Securing Hadoop RPC using SSL
> -----------------------------
>
>                 Key: HADOOP-13836
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13836
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: ipc
>            Reporter: kartheek muthyala
>            Assignee: kartheek muthyala
>         Attachments: HADOOP-13836.patch
>
>
> Today, RPC connections in Hadoop are encrypted using Simple Authentication & 
> Security Layer (SASL), with the Kerberos ticket based authentication or 
> Digest-md5 checksum based authentication protocols. This proposal is about 
> enhancing this cipher suite with SSL/TLS based encryption and authentication. 
> SSL/TLS is a proposed Internet Engineering Task Force (IETF) standard, that 
> provides data security and integrity across two different end points in a 
> network. This protocol has made its way to a number of applications such as 
> web browsing, email, internet faxing, messaging, VOIP etc. And supporting 
> this cipher suite at the core of Hadoop would give a good synergy with the 
> applications on top and also bolster industry adoption of Hadoop.
> The Server and Client code in Hadoop IPC should support the following modes 
> of communication
> 1.    Plain 
> 2.     SASL encryption with an underlying authentication
> 3.     SSL based encryption and authentication (x509 certificate)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to