[
https://issues.apache.org/jira/browse/HBASE-28008?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bryan Beaudreault resolved HBASE-28008.
---------------------------------------
Fix Version/s: 2.6.0
3.0.0-beta-1
Release Note: If a properly shaded netty-tcnative is found on the
classpath, hbase will automatically pick it up for use in accelerating TLS
handling. Properly shaded means relocated to prefix with
org.apache.hbase.thirdparty
Assignee: Bryan Beaudreault
Resolution: Fixed
Pushed to master, branch-3, and branch-2. Thanks [~andor] and [~zhangduo] for
the reviews!
> Add support for tcnative
> ------------------------
>
> Key: HBASE-28008
> URL: https://issues.apache.org/jira/browse/HBASE-28008
> Project: HBase
> Issue Type: Improvement
> Reporter: Bryan Beaudreault
> Assignee: Bryan Beaudreault
> Priority: Major
> Labels: tls
> Fix For: 2.6.0, 3.0.0-beta-1
>
>
> In investigating HBASE-27947, tcnative can make a big impact on throughput
> over built-in jdk SSL support. We need three things to make it work:
> # In X509Util, if Openssl.isAvailable() (meaning tcnative is on the
> classpath):
> ## Use SslProvider.OPENSSL_REFCNT
> ## Update default ciphers to remove CBC ciphers, which do not work with
> tcnative. We can either pull the ciphers from
> OpenSsl.availableJavaCipherSuites() or simply use the default GCM ciphers we
> already have defined.
> # Our netty is shaded, so one can't simply put the tcnative jar on the
> classpath. We might need to provide an hbase-shaded-netty-tcnative module
> which one can optionally include in their deployment. We will have to decide
> which of the many tcnative modules to provide a shaded version for.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
