[ https://issues.apache.org/jira/browse/HDFS-13060?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Xiaoyu Yao updated HDFS-13060: ------------------------------ Description: HDFS-5910 introduces encryption negotiation between client and server based on a customizable TrustedChannelResolver class. The TrustedChannelResolver is invoked on both client and server side. If the resolver indicates that the channel is trusted, then the data transfer will not be encrypted even if dfs.encrypt.data.transfer is set to true. The default trust channel resolver implementation returns false indicating that the channel is not trusted, which always enables encryption. HDFS-5910 also added a build-int whitelist based trust channel resolver. It allows you to put IP address/Network Mask of trusted client/server in whitelist files to skip encryption for certain traffics. This ticket is opened to add a blacklist based trust channel resolver for cases only certain machines (IPs) are untrusted without adding each trusted IP individually. was: HDFS-5920 introduces encryption negotiation between client and server based on a customizable TrustedChannelResolver class. The TrustedChannelResolver is invoked on both client and server side. If the resolver indicates that the channel is trusted, then the data transfer will not be encrypted even if dfs.encrypt.data.transfer is set to true. The default trust channel resolver implementation returns false indicating that the channel is not trusted, which always enables encryption. HDFS-5920 also added a build-int whitelist based trust channel resolver. It allows you to put IP address/Network Mask of trusted client/server in whitelist files to skip encryption for certain traffics. This ticket is opened to add a blacklist based trust channel resolver for cases only certain machines (IPs) are untrusted without adding each trusted IP individually. > Adding a BlacklistBasedTrustedChannelResolver for TrustedChannelResolver > ------------------------------------------------------------------------ > > Key: HDFS-13060 > URL: https://issues.apache.org/jira/browse/HDFS-13060 > Project: Hadoop HDFS > Issue Type: Bug > Reporter: Xiaoyu Yao > Assignee: Ajay Kumar > Priority: Major > > HDFS-5910 introduces encryption negotiation between client and server based > on a customizable TrustedChannelResolver class. The TrustedChannelResolver is > invoked on both client and server side. If the resolver indicates that the > channel is trusted, then the data transfer will not be encrypted even if > dfs.encrypt.data.transfer is set to true. > The default trust channel resolver implementation returns false indicating > that the channel is not trusted, which always enables encryption. HDFS-5910 > also added a build-int whitelist based trust channel resolver. It allows you > to put IP address/Network Mask of trusted client/server in whitelist files to > skip encryption for certain traffics. > This ticket is opened to add a blacklist based trust channel resolver for > cases only certain machines (IPs) are untrusted without adding each trusted > IP individually. > -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org