[
https://issues.apache.org/jira/browse/HDDS-11604?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Wei-Chiu Chuang resolved HDDS-11604.
------------------------------------
Resolution: Invalid
Checked the code deep, and realized OpenSSL is the default for gRPC.
And runtime debug log confirms OpenSSL native lib is loaded correctly.
> Use OpenSSL TLS encryption provider to speed up gRPC TLS encryption
> -------------------------------------------------------------------
>
> Key: HDDS-11604
> URL: https://issues.apache.org/jira/browse/HDDS-11604
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Wei-Chiu Chuang
> Priority: Major
>
> According to
> https://netty.io/wiki/requirements-for-4.x.html#benefits-of-using-openssl and
> https://netty.io/wiki/forked-tomcat-native.html
> we should rely on OpenSSL (default is JDK) to speed up encryption performance.
> We already have etty-tcnative-boringssl-static in the classpath and the
> missing piece is to use OpenSSL provider in the code.
> {code}
> SslContext sslContext =
> SslContextBuilder.forServer(certificate, privateKey)
> .sslProvider(SslProvider.OPENSSL)
> {code}
> OpenSSL is said to be 3x faster than the default JDK SSL provider.
> https://www.ververica.com/blog/how-openssl-in-ververica-platform-improves-your-flink-job-performance
> Apache Flink reports up to 210% improvement after switching to OpenSSL TLS
> encryption provider.
> Ideally if we can make the encryption overhead negligible, then we could
> simply make grpc encryption the default, simplify the configurations.
> actually openssl code is already in Ozone.
> I see that it is used in OM grpc server, DataNode xceiver server, container
> replication server, SCM client/server.
> But it's not applied to xciever client, OM grpc client, container replication
> client, and looks like ratis netty doesn't use it (grpc grpc has it though)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
