[
https://issues.apache.org/jira/browse/HDFS-6605?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Wang updated HDFS-6605:
------------------------------
Attachment: hdfs-6605.001.patch
Patch attached. Overall idea:
- Client provides an ordered list of CipherSuites that it likes, the NN chooses
the highest priority one that it supports. If there are no valid CipherSuites
provided, exception.
- I made the CipherSuite part of CryptoCodec, since that's how you configure
which encryption algo to use right now. Since we only support one algo right
now, I didn't bother adding NN-side configs for doing smarter validation.
- Added a List<CipherSuite> to the internal create() in ClientProtocol, nothing
new exposed, had to mechanically update some unit tests.
> Client server negotiation of cipher suite
> -----------------------------------------
>
> Key: HDFS-6605
> URL: https://issues.apache.org/jira/browse/HDFS-6605
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: security
> Affects Versions: fs-encryption (HADOOP-10150 and HDFS-6134)
> Reporter: Andrew Wang
> Assignee: Andrew Wang
> Attachments: hdfs-6605.001.patch
>
>
> For compatibility purposes, the client and server should negotiate what
> cipher suite to use based on their respective capabilities. This is also a
> way for the server to reject old clients that do not support encryption.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
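
The negotiation rule described in the comment above (client sends an ordered preference list, the server picks the first entry it supports, and an exception is raised when nothing matches), as an added example that is not taken from hdfs-6605.001.patch or from Hadoop. The class, method and exception names are hypothetical, the suite names are constructed sample data, and skipping unrecognised names instead of failing on them is an assumption.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Hypothetical stand-alone sketch; none of these names are Hadoop's API.
public class CipherSuiteNegotiationExample {

    /** Thrown when client and server share no cipher suite. */
    static class NoCommonSuiteException extends Exception {
        NoCommonSuiteException(String msg) { super(msg); }
    }

    /**
     * Server-side choice: walk the client's list in the client's order and
     * return the first suite the server supports. Names the server does not
     * recognise (assumed: sent by a newer client) are skipped, not errors.
     */
    static String choose(List<String> clientOrdered, Set<String> serverSupported)
            throws NoCommonSuiteException {
        if (clientOrdered == null || clientOrdered.isEmpty()) {
            // A client that predates encryption offers nothing and is rejected.
            throw new NoCommonSuiteException("client offered no cipher suites");
        }
        for (String suite : clientOrdered) {
            if (serverSupported.contains(suite)) {
                return suite;
            }
        }
        throw new NoCommonSuiteException("no supported suite in " + clientOrdered);
    }

    public static void main(String[] args) {
        // Constructed sample data; "FUTURE/SUITE" is a made-up name.
        Set<String> server = new LinkedHashSet<>(Arrays.asList("AES/CTR/NoPadding"));
        List<List<String>> offers = Arrays.asList(
            Arrays.asList("FUTURE/SUITE", "AES/CTR/NoPadding"), // newer client
            Arrays.asList("FUTURE/SUITE"),                      // no overlap
            Collections.<String>emptyList());                   // old client
        for (List<String> offer : offers) {
            try {
                System.out.println(offer + " -> " + choose(offer, server));
            } catch (NoCommonSuiteException e) {
                System.out.println(offer + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Because the server fails closed on an empty or non-overlapping offer, a client cannot fall back to an unencrypted create by omitting the list.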