[ https://issues.apache.org/jira/browse/HADOOP-16050?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16746272#comment-16746272 ]
Steve Loughran commented on HADOOP-16050: ----------------------------------------- some hints that this can be done in the connector setup, so we aren't dependent on the AWS SDK: https://developer.jboss.org/thread/275721 * there's a risk that in java 9+ we'd be coding in some regression: making this optional and experimental would be the obvious tactic, "fs.s3a.experimental.ciphers" & let people list them. * mark wildfly openssl as optional, doc etc. I can see the value of this on java 8 clusters. At the same time, I don't see space in my schedule to work on it. Can you take this up? It looks like you are best placed to do it. Note: we're only likely to be targeting Hadoop 3.1+, though I am thinking it's time to backport the latest AWS SDK updates to branch-2, because the shaded jackson there has a known security issue. Once this is in branch-2 we can look at backporting > Support setting cipher suites for s3a file system > ------------------------------------------------- > > Key: HADOOP-16050 > URL: https://issues.apache.org/jira/browse/HADOOP-16050 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3 > Affects Versions: 2.9.1 > Reporter: Justin Uang > Priority: Major > Attachments: Screen Shot 2019-01-17 at 2.57.06 PM.png > > > We have found that when running the S3AFileSystem, it picks GCM as the ssl > cipher suite. Unfortunately this is well known to be slow on java 8: > [https://stackoverflow.com/questions/25992131/slow-aes-gcm-encryption-and-decryption-with-java-8u20.] > > In practice we have seen that it can take well over 50% of our CPU time in > spark workflows. We should add an option to set the list of cipher suites we > would like to use. !Screen Shot 2019-01-17 at 2.57.06 PM.png! -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org