[ https://issues.apache.org/jira/browse/HADOOP-16371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16863400#comment-16863400 ]
Sahil Takiar commented on HADOOP-16371: --------------------------------------- I'm thinking we can use most of the changes from HADOOP-16050, but do some refactoring so that Wildfly-OpenSSL is an option for ABFS, but not S3A. I think it should be okay to disable GCM by default, but there should be an option to add it back in (e.g. the S3A default is {{DEFAULT_JSSE_NO_GCM}} and the option {{DEFAULT_JSSE}} is just vanilla JSSE with all the default ciphers enabled). > Option to disable GCM for SSL connections when running on Java 8 > ---------------------------------------------------------------- > > Key: HADOOP-16371 > URL: https://issues.apache.org/jira/browse/HADOOP-16371 > Project: Hadoop Common > Issue Type: Sub-task > Components: fs/s3 > Reporter: Sahil Takiar > Assignee: Sahil Takiar > Priority: Major > > This was the original objective of HADOOP-16050. HADOOP-16050 was changed to > mimic HADOOP-15669 and added (or attempted to add) support for > Wildfly-OpenSSL in S3A. > Due to the number of issues have seen with S3A + WildFly OpenSSL (see > HADOOP-16346), HADOOP-16050 was reverted. > As shown in the description of HADOOP-16050, and the analysis done in > HADOOP-15669, GCM has major performance issues when running on Java 8. > Removing it from the list of available ciphers can drastically improve > performance, perhaps not as much as using OpenSSL, but still a considerable > amount. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org