Some progress. I have filed HBASE-15743 for the transparent encryption support, and HBASE-15754 for the AES encryption UT. Now both of them are resolved. Let's resume the discussion here.
Thanks. 2016-05-03 10:09 GMT+08:00 张铎 <palomino...@gmail.com>: > Fine, will add the testcase. > > And for the RPC, we only implement a new client side DTP here and still > use the original RPC. > > Thanks. > > 2016-05-03 3:20 GMT+08:00 Gary Helmling <ghelml...@gmail.com>: > >> On Fri, Apr 29, 2016 at 6:24 PM 张铎 <palomino...@gmail.com> wrote: >> >> > Yes, it does. There is testcase that enumerates all the possible >> protection >> > level(authentication, integrity and privacy) and encryption >> algorithm(none, >> > 3des, rc4). >> > >> > >> > >> https://github.com/apache/hbase/blob/master/hbase-server/src/test/java/org/apache/hadoop/hbase/io/asyncfs/TestSaslFanOutOneBlockAsyncDFSOutput.java >> > >> > I have also tested it in a secure cluster(hbase-2.0.0-SNAPSHOT and >> > hadoop-2.4.0). >> > >> >> Thanks. Can you add in support for testing with AES >> (dfs.encrypt.data.transfer.cipher.suites=AES/CTR/NoPadding)? This is only >> available in Hadoop 2.6.0+, but I think is far more likely to be used in >> production than 3des or rc4. > > >> Also, have you been following HADOOP-10768? That is changing Hadoop RPC >> encryption negotiation to support more performant AES wrapping, similar to >> what is now supported in the data transfer pipeline. >> > >
