[jira] [Commented] (ZOOKEEPER-4622) Add Netty-TcNative OpenSSL Support

Wed, 14 Jun 2023 08:25:04 -0700 


    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17732583#comment-17732583
 ] 

Andor Molnar commented on ZOOKEEPER-4622:
-----------------------------------------

How to use netty-tcnative:

[https://netty.io/wiki/forked-tomcat-native.html]

This guide mentions adding extra dependencies to the classpath to get 
netty-tcnative library working. We won't do this in the upstream codebase, just 
making the code changes which are required. It should be the user's 
responsibility to prepare the classpath properly with the required native 
libraries. I've tested the changes on Ubuntu 20.04 and ZooKeeper logs look like 
this with OpenSSL 1.0:
{noformat}
2023-06-14 17:09:00,453 [myid:] - DEBUG 
[nioEventLoopGroup-8-1:o.a.z.c.X509Util@581] - Using Java9+ optimized cipher 
suites for Java version 11
2023-06-14 17:09:00,470 [myid:] - DEBUG 
[nioEventLoopGroup-8-1:i.n.u.i.NativeLibraryLoader@384] - Successfully loaded 
the library /tmp/libnetty_tcnative_linux_x86_643947969347517419998.so
2023-06-14 17:09:00,470 [myid:] - DEBUG 
[nioEventLoopGroup-8-1:i.n.h.s.OpenSsl@162] - Initialize netty-tcnative using 
engine: 'default'
2023-06-14 17:09:00,471 [myid:] - DEBUG 
[nioEventLoopGroup-8-1:i.n.h.s.OpenSsl@189] - netty-tcnative using native 
library: OpenSSL 1.0.2g  1 Mar 2016
...
023-06-14 17:09:00,546 [myid:] - DEBUG 
[nioEventLoopGroup-8-1:i.n.h.s.OpenSsl@442] - Supported protocols (OpenSSL): 
[SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2] 
2023-06-14 17:09:00,546 [myid:] - DEBUG 
[nioEventLoopGroup-8-1:i.n.h.s.OpenSsl@443] - Default cipher suites (OpenSSL): 
[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, 
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA]{noformat}

> Add Netty-TcNative OpenSSL Support
> ----------------------------------
>
>                 Key: ZOOKEEPER-4622
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4622
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.8.0
>            Reporter: Aayush Atharva
>            Assignee: Andor Molnar
>            Priority: Minor
>
> We should consider adding Netty-TcNative which will provide OpenSSL (or 
> BoringSSL) implementation for high-performance crypto.
> I can do PR for this.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to