[
https://issues.apache.org/jira/browse/HADOOP-16371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16863400#comment-16863400
]
Sahil Takiar commented on HADOOP-16371:
---------------------------------------
I'm thinking we can use most of the changes from HADOOP-16050, but do some
refactoring so that Wildfly-OpenSSL is an option for ABFS, but not S3A. I think
it should be okay to disable GCM by default, but there should be an option to
add it back in (e.g. the S3A default is {{DEFAULT_JSSE_NO_GCM}} and the option
{{DEFAULT_JSSE}} is just vanilla JSSE with all the default ciphers enabled).
> Option to disable GCM for SSL connections when running on Java 8
> ----------------------------------------------------------------
>
> Key: HADOOP-16371
> URL: https://issues.apache.org/jira/browse/HADOOP-16371
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Reporter: Sahil Takiar
> Assignee: Sahil Takiar
> Priority: Major
>
> This was the original objective of HADOOP-16050. HADOOP-16050 was changed to
> mimic HADOOP-15669 and added (or attempted to add) support for
> Wildfly-OpenSSL in S3A.
> Due to the number of issues have seen with S3A + WildFly OpenSSL (see
> HADOOP-16346), HADOOP-16050 was reverted.
> As shown in the description of HADOOP-16050, and the analysis done in
> HADOOP-15669, GCM has major performance issues when running on Java 8.
> Removing it from the list of available ciphers can drastically improve
> performance, perhaps not as much as using OpenSSL, but still a considerable
> amount.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
