[
https://issues.apache.org/jira/browse/HDFS-9854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Nauroth updated HDFS-9854:
--------------------------------
Resolution: Fixed
Hadoop Flags: Reviewed
Fix Version/s: 2.8.0
Status: Resolved (was: Patch Available)
+1 for the patch. I have committed this to trunk, branch-2 and branch-2.8.
[~jojochuang], thank you for contributing the patch.
> Log cipher suite negotiation more verbosely
> -------------------------------------------
>
> Key: HDFS-9854
> URL: https://issues.apache.org/jira/browse/HDFS-9854
> Project: Hadoop HDFS
> Issue Type: Improvement
> Reporter: Wei-Chiu Chuang
> Assignee: Wei-Chiu Chuang
> Labels: encryption, supportability
> Fix For: 2.8.0
>
> Attachments: HADOOP-12816.001.patch
>
>
> We've had difficulty probing the root cause of performance slowdown with
> in-transit encryption using AES-NI. We finally found the root cause was the
> Hadoop client did not configure encryption properties correctly, so they did
> not negotiate AES cipher suite when creating an encrypted stream pair,
> despite the server (a data node) supports it. Existing debug message did not
> help. We saw debug message "Server using cipher suite AES/CTR/NoPadding" on
> the same data node, but that refers to the communication with other data
> nodes.
> It would be really helpful to log a debug message if a SASL server configures
> AES cipher suite, but the SASL client doesn't, or vice versa. This debug
> message should also log the client address to differentiate it from other
> stream pairs.
> More over, the debug message "Server using cipher suite AES/CTR/NoPadding"
> should also be extended to include the client's address.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
