[jira] [Commented] (HADOOP-16460) ABFS: fix for Sever Name Indication (SNI)

Mon, 29 Jul 2019 21:47:21 -0700 


    [ 
https://issues.apache.org/jira/browse/HADOOP-16460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16895777#comment-16895777
 ] 

Sneha Vijayarajan commented on HADOOP-16460:
--------------------------------------------

The issue that Wildfly release 1.0.7.Final solves is addition of SNI (Server 
Name Indication) as TLS extension. [[~vishwajeet.dusane] introduced this change 
into WildFly repo : [https://github.com/wildfly/wildfly-openssl/pull/60].

When SNI was missing, connections were failing to be established in a firewall 
enabled cluster. To test the patch, on a firewall enabled cluster, first we 
verified that connections fail with older Wildfly (1.0.4.Final) release and 
once the latest release (1.0.7.Final) was patched into the cluster, connections 
were successful.

For actual verification that SNI is present in TLS extension, HTTPs traffic was 
monitored. Below is the comparision of the run between 2 Wildfly releases.

!image-2019-07-30-10-11-37-970.png!

As verification will need packet capture to confirm SNI is present, it will not 
be possible to check through a testcase.

> ABFS: fix for Sever Name Indication (SNI)
> -----------------------------------------
>
>                 Key: HADOOP-16460
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16460
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs/azure
>    Affects Versions: 3.2.0, 3.1.2
>            Reporter: Thomas Marquardt
>            Assignee: Sneha Vijayarajan
>            Priority: Major
>         Attachments: DriverTestResult.log, HADOOP-16460.001.patch, 
> image-2019-07-30-10-11-37-970.png
>
>
> We need to update wildfly-openssl to 1.0.7.Final in ./hadoop-project/pom.xml.
>  
> ABFS depends on wildfly-openssl for secure sockets due to the performance 
> improvements. The current wildfly-openssl does not support Server Name 
> Indication (SNI). A fix was made in 
> https://github.com/wildfly/wildfly-openssl/issues/59 and there is an official 
> release of wildfly-openssl with the fix 
> ([https://github.com/wildfly/wildfly-openssl/releases/tag/1.0.7.Final)|https://github.com/wildfly/wildfly-openssl/releases/tag/1.0.7.Final).].
>   The fix has been validated.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to