[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16819595#comment-16819595 ] Niten Aggarwal commented on CASSANDRA-10735: Hi @Jason, I tried upgrading my driver to 4.0 with SSL and getting below exception. Truststore is valid becaise if i change password, it gives me authentication error. I believe either it needs socket timeout setting? Another question on this topic.. This Jira was suppose to solve " Support netty openssl (netty-tcnative) for client encryption" but as per configuration it only provides Default JDK ssl. How to enable SSL for openSSL?? If we have to write our custom SSL handler, I believe that's not the intent of Jira?? 16:22:04.624 [s0-admin-1] WARN c.d.o.d.i.c.c.ControlConnection - [s0] Error connecting to idpcsbmdevdpl002.vci.att.com/135.198.127.60:7011, trying next node com.datastax.oss.driver.api.core.connection.ConnectionInitException: [s0|control|id: 0x8f1cc575, L:/135.165.156.72:62524 - R:idpcsbmdevdpl002.vci.att.com/135.198.127.60:7011] init query STARTUP: error writing at com.datastax.oss.driver.internal.core.channel.ProtocolInitHandler$InitRequest.fail(ProtocolInitHandler.java:297) at com.datastax.oss.driver.internal.core.channel.ChannelHandlerRequest.writeListener(ChannelHandlerRequest.java:74) at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:502) at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:495) at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:474) at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:415) at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:540) at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:533) at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:114) at io.netty.util.internal.PromiseNotificationUtil.tryFailure(PromiseNotificationUtil.java:64) at io.netty.channel.DelegatingChannelPromiseNotifier.operationComplete(DelegatingChannelPromiseNotifier.java:57) at io.netty.channel.DelegatingChannelPromiseNotifier.operationComplete(DelegatingChannelPromiseNotifier.java:31) at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:502) at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:476) at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:415) at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:540) at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:533) at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:114) at io.netty.util.internal.PromiseNotificationUtil.tryFailure(PromiseNotificationUtil.java:64) at io.netty.channel.DelegatingChannelPromiseNotifier.operationComplete(DelegatingChannelPromiseNotifier.java:57) at io.netty.channel.DelegatingChannelPromiseNotifier.operationComplete(DelegatingChannelPromiseNotifier.java:31) at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:502) at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:476) at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:415) at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:540) at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:533) at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:114) at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:847) at io.netty.handler.ssl.SslHandler.wrapAndFlush(SslHandler.java:810) at io.netty.handler.ssl.SslHandler.handleUnwrapThrowable(SslHandler.java:1255) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1231) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1272) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:337) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) at
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16516682#comment-16516682 ] Dinesh Joshi commented on CASSANDRA-10735: -- `user@ ML` is users mailing list. See: http://cassandra.apache.org/community/ > Support netty openssl (netty-tcnative) for client encryption > > > Key: CASSANDRA-10735 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10735 > Project: Cassandra > Issue Type: Improvement >Reporter: Andy Tolbert >Assignee: Jason Brown >Priority: Major > Fix For: 4.0 > > Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz, > nettysslbench.png, nettysslbench_small.png, sslbench12-03.png > > > The java-driver recently added support for using netty openssl via > [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in > [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a > very measured improvement (numbers incoming on that ticket). It seems > likely that this can offer improvement if implemented C* side as well. > Since netty-tcnative has platform specific requirements, this should not be > made the default, but rather be an option that one can use. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16516631#comment-16516631 ] jahar commented on CASSANDRA-10735: --- Thanks Jason for your response. Can you please elaborate what is this _*user@ML?*_ > Support netty openssl (netty-tcnative) for client encryption > > > Key: CASSANDRA-10735 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10735 > Project: Cassandra > Issue Type: Improvement >Reporter: Andy Tolbert >Assignee: Jason Brown >Priority: Major > Fix For: 4.0 > > Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz, > nettysslbench.png, nettysslbench_small.png, sslbench12-03.png > > > The java-driver recently added support for using netty openssl via > [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in > [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a > very measured improvement (numbers incoming on that ticket). It seems > likely that this can offer improvement if implemented C* side as well. > Since netty-tcnative has platform specific requirements, this should not be > made the default, but rather be an option that one can use. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16515586#comment-16515586 ] Jason Brown commented on CASSANDRA-10735: - [~jahar.tyagi] I think you are having a client-side problem, and not on the server. This ticket describes functionality going into the server-side database for 4.0. You should probably contact the user@ ML for help. > Support netty openssl (netty-tcnative) for client encryption > > > Key: CASSANDRA-10735 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10735 > Project: Cassandra > Issue Type: Improvement >Reporter: Andy Tolbert >Assignee: Jason Brown >Priority: Major > Fix For: 4.0 > > Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz, > nettysslbench.png, nettysslbench_small.png, sslbench12-03.png > > > The java-driver recently added support for using netty openssl via > [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in > [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a > very measured improvement (numbers incoming on that ticket). It seems > likely that this can offer improvement if implemented C* side as well. > Since netty-tcnative has platform specific requirements, this should not be > made the default, but rather be an option that one can use. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16515426#comment-16515426
]
jahar commented on CASSANDRA-10735:
---
Hi,
I just followed the instructions given on
[https://docs.datastax.com/en/developer/java-driver/3.0/manual/ssl/] to use
NettySSLOptions, but getting
_com.datastax.driver.core.exceptions.NoHostAvailableException._
My .crt and private key and certificates are ok as I have verified them using
OpenSSL. Tried a lot but not able to find the root cause.
JdkSSLOptions is working fine but when I use the SSLOptions it fails. This is
what I am using in code:
_KeyStore ks = KeyStore.getInstance("JKS");_
_trustStore = new FileInputStream(theTrustStorePath);_
_ks.load(trustStore, theTrustStorePassword.toCharArray());_
_TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());_
_tmf.init(ks);_
_SslContextBuilder builder =_
_SslContextBuilder.forClient()_
_.sslProvider(SslProvider.OPENSSL)_
_.trustManager(tmf)_
_.ciphers(theCipherSuites)//_
_.keyManager(new File("mycert.pem"),_
_new File("mykey.pem"));_
_SSLOptions sslOptions = new NettySSLOptions(builder.build());_
_return sslOptions;_
This throws exception _mySession = myCluster.connect();_
Any idea or suggestions please.
> Support netty openssl (netty-tcnative) for client encryption
>
>
> Key: CASSANDRA-10735
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10735
> Project: Cassandra
> Issue Type: Improvement
>Reporter: Andy Tolbert
>Assignee: Jason Brown
>Priority: Major
> Fix For: 4.0
>
> Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz,
> nettysslbench.png, nettysslbench_small.png, sslbench12-03.png
>
>
> The java-driver recently added support for using netty openssl via
> [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in
> [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a
> very measured improvement (numbers incoming on that ticket). It seems
> likely that this can offer improvement if implemented C* side as well.
> Since netty-tcnative has platform specific requirements, this should not be
> made the default, but rather be an option that one can use.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15968420#comment-15968420
]
Jason Brown commented on CASSANDRA-10735:
-
Once CASSANDRA-8457 is commited, this will be very easy to me to do (especially
as the changes to {{SSLFactory}} in CASSANDRA-8457 will have 90% of the
functionality needed here)
> Support netty openssl (netty-tcnative) for client encryption
>
>
> Key: CASSANDRA-10735
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10735
> Project: Cassandra
> Issue Type: Improvement
>Reporter: Andy Tolbert
>Assignee: Jason Brown
> Fix For: 4.0
>
> Attachments: nettysslbench.png, nettysslbench_small.png,
> nettyssl-bench.tgz, netty-ssl-trunk.tgz, sslbench12-03.png
>
>
> The java-driver recently added support for using netty openssl via
> [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in
> [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a
> very measured improvement (numbers incoming on that ticket). It seems
> likely that this can offer improvement if implemented C* side as well.
> Since netty-tcnative has platform specific requirements, this should not be
> made the default, but rather be an option that one can use.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15339194#comment-15339194 ] Norman Maurer commented on CASSANDRA-10735: --- Sorry for the delay but the good news is that I think I have everything needed here locally implemented now... Stay tuned for have everything needed merged into Netty. Once in I will look into add it to cassandra itself Performance FTW ;) > Support netty openssl (netty-tcnative) for client encryption > > > Key: CASSANDRA-10735 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10735 > Project: Cassandra > Issue Type: Improvement >Reporter: Andy Tolbert >Assignee: Norman Maurer > Fix For: 3.x > > Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz, > nettysslbench.png, nettysslbench_small.png, sslbench12-03.png > > > The java-driver recently added support for using netty openssl via > [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in > [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a > very measured improvement (numbers incoming on that ticket). It seems > likely that this can offer improvement if implemented C* side as well. > Since netty-tcnative has platform specific requirements, this should not be > made the default, but rather be an option that one can use. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15220139#comment-15220139 ] Aleksey Yeschenko commented on CASSANDRA-10735: --- [~norman] I hope you'll be too, mate (: > Support netty openssl (netty-tcnative) for client encryption > > > Key: CASSANDRA-10735 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10735 > Project: Cassandra > Issue Type: Improvement >Reporter: Andy Tolbert >Assignee: Norman Maurer > Fix For: 3.x > > Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz, > nettysslbench.png, nettysslbench_small.png, sslbench12-03.png > > > The java-driver recently added support for using netty openssl via > [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in > [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a > very measured improvement (numbers incoming on that ticket). It seems > likely that this can offer improvement if implemented C* side as well. > Since netty-tcnative has platform specific requirements, this should not be > made the default, but rather be an option that one can use. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15220135#comment-15220135 ] Norman Maurer commented on CASSANDRA-10735: --- [~iamaleksey] you are fast buddy ;) > Support netty openssl (netty-tcnative) for client encryption > > > Key: CASSANDRA-10735 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10735 > Project: Cassandra > Issue Type: Improvement >Reporter: Andy Tolbert >Assignee: Norman Maurer > Fix For: 3.x > > Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz, > nettysslbench.png, nettysslbench_small.png, sslbench12-03.png > > > The java-driver recently added support for using netty openssl via > [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in > [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a > very measured improvement (numbers incoming on that ticket). It seems > likely that this can offer improvement if implemented C* side as well. > Since netty-tcnative has platform specific requirements, this should not be > made the default, but rather be an option that one can use. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15220130#comment-15220130 ] Aleksey Yeschenko commented on CASSANDRA-10735: --- bq. Actually you may want to assign this to me? As you wish (: > Support netty openssl (netty-tcnative) for client encryption > > > Key: CASSANDRA-10735 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10735 > Project: Cassandra > Issue Type: Improvement >Reporter: Andy Tolbert >Assignee: Norman Maurer > Fix For: 3.x > > Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz, > nettysslbench.png, nettysslbench_small.png, sslbench12-03.png > > > The java-driver recently added support for using netty openssl via > [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in > [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a > very measured improvement (numbers incoming on that ticket). It seems > likely that this can offer improvement if implemented C* side as well. > Since netty-tcnative has platform specific requirements, this should not be > made the default, but rather be an option that one can use. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15220125#comment-15220125 ] Norman Maurer commented on CASSANDRA-10735: --- Actually you may want to assign this to me ? ;) > Support netty openssl (netty-tcnative) for client encryption > > > Key: CASSANDRA-10735 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10735 > Project: Cassandra > Issue Type: Improvement >Reporter: Andy Tolbert >Assignee: Aleksey Yeschenko > Fix For: 3.x > > Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz, > nettysslbench.png, nettysslbench_small.png, sslbench12-03.png > > > The java-driver recently added support for using netty openssl via > [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in > [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a > very measured improvement (numbers incoming on that ticket). It seems > likely that this can offer improvement if implemented C* side as well. > Since netty-tcnative has platform specific requirements, this should not be > made the default, but rather be an option that one can use. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15191836#comment-15191836
]
Andy Tolbert commented on CASSANDRA-10735:
--
{quote}
This has been addressed in [CASSANDRA-9325]
{quote}
That looks perfect, would definitely be nice to have :)
> Support netty openssl (netty-tcnative) for client encryption
>
>
> Key: CASSANDRA-10735
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10735
> Project: Cassandra
> Issue Type: Improvement
>Reporter: Andy Tolbert
>Assignee: Aleksey Yeschenko
> Fix For: 3.x
>
> Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz,
> nettysslbench.png, nettysslbench_small.png, sslbench12-03.png
>
>
> The java-driver recently added support for using netty openssl via
> [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in
> [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a
> very measured improvement (numbers incoming on that ticket). It seems
> likely that this can offer improvement if implemented C* side as well.
> Since netty-tcnative has platform specific requirements, this should not be
> made the default, but rather be an option that one can use.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[
https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15191830#comment-15191830
]
Stefan Podkowinski commented on CASSANDRA-10735:
{quote}
The transport encryption options do not let you override the keystore and
keystore password used for jdk ssl, it just uses defaults (conf/.keystore and
cassandra for password).
{quote}
This has been addressed in CASSANDRA-9325
> Support netty openssl (netty-tcnative) for client encryption
>
>
> Key: CASSANDRA-10735
> URL: https://issues.apache.org/jira/browse/CASSANDRA-10735
> Project: Cassandra
> Issue Type: Improvement
>Reporter: Andy Tolbert
>Assignee: Aleksey Yeschenko
> Fix For: 3.x
>
> Attachments: netty-ssl-trunk.tgz, nettyssl-bench.tgz,
> nettysslbench.png, nettysslbench_small.png, sslbench12-03.png
>
>
> The java-driver recently added support for using netty openssl via
> [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in
> [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a
> very measured improvement (numbers incoming on that ticket). It seems
> likely that this can offer improvement if implemented C* side as well.
> Since netty-tcnative has platform specific requirements, this should not be
> made the default, but rather be an option that one can use.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15191341#comment-15191341 ] Andy Tolbert commented on CASSANDRA-10735: -- Sounds good, will do. I'll update my branch sometime this weekend to include the stress changes I made to test this. > Support netty openssl (netty-tcnative) for client encryption > > > Key: CASSANDRA-10735 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10735 > Project: Cassandra > Issue Type: Improvement >Reporter: Andy Tolbert >Assignee: Aleksey Yeschenko > Fix For: 3.x > > Attachments: nettyssl-bench.tgz, nettysslbench.png, > nettysslbench_small.png > > > The java-driver recently added support for using netty openssl via > [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in > [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a > very measured improvement (numbers incoming on that ticket). It seems > likely that this can offer improvement if implemented C* side as well. > Since netty-tcnative has platform specific requirements, this should not be > made the default, but rather be an option that one can use. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15191336#comment-15191336 ] Aleksey Yeschenko commented on CASSANDRA-10735: --- [~andrew.tolbert] Please do. I intend to finish this by 3.6. > Support netty openssl (netty-tcnative) for client encryption > > > Key: CASSANDRA-10735 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10735 > Project: Cassandra > Issue Type: Improvement >Reporter: Andy Tolbert >Assignee: Aleksey Yeschenko > Fix For: 3.x > > Attachments: nettyssl-bench.tgz, nettysslbench.png, > nettysslbench_small.png > > > The java-driver recently added support for using netty openssl via > [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in > [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a > very measured improvement (numbers incoming on that ticket). It seems > likely that this can offer improvement if implemented C* side as well. > Since netty-tcnative has platform specific requirements, this should not be > made the default, but rather be an option that one can use. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15191333#comment-15191333 ] Andy Tolbert commented on CASSANDRA-10735: -- Had planned to return to doing some more benchmarking on this at some point, but time moves quickly! Would be willing to help contribute to this in any way that would be helpful (testing/profiling/implementation/etc.), [my attempt|https://github.com/tolbertam/cassandra/commit/eaaed26ca84304f7839213f5b0c5534d50f02185] to get this working was a least effort stab at things just to see what the numbers look like. There is also the cassandra-stress side of this as well which it looks like I didn't include, can provide that too if that is helpful. > Support netty openssl (netty-tcnative) for client encryption > > > Key: CASSANDRA-10735 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10735 > Project: Cassandra > Issue Type: Improvement >Reporter: Andy Tolbert >Assignee: Aleksey Yeschenko > Fix For: 3.x > > Attachments: nettyssl-bench.tgz, nettysslbench.png, > nettysslbench_small.png > > > The java-driver recently added support for using netty openssl via > [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in > [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a > very measured improvement (numbers incoming on that ticket). It seems > likely that this can offer improvement if implemented C* side as well. > Since netty-tcnative has platform specific requirements, this should not be > made the default, but rather be an option that one can use. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15056061#comment-15056061 ] Aleksey Yeschenko commented on CASSANDRA-10735: --- [~andrew.tolbert] thanks for the update > Support netty openssl (netty-tcnative) for client encryption > > > Key: CASSANDRA-10735 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10735 > Project: Cassandra > Issue Type: Improvement >Reporter: Andy Tolbert > Fix For: 3.x > > Attachments: nettyssl-bench.tgz, nettysslbench.png, > nettysslbench_small.png > > > The java-driver recently added support for using netty openssl via > [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in > [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a > very measured improvement (numbers incoming on that ticket). It seems > likely that this can offer improvement if implemented C* side as well. > Since netty-tcnative has platform specific requirements, this should not be > made the default, but rather be an option that one can use. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (CASSANDRA-10735) Support netty openssl (netty-tcnative) for client encryption
[ https://issues.apache.org/jira/browse/CASSANDRA-10735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15025998#comment-15025998 ] Andy Tolbert commented on CASSANDRA-10735: -- One thing I need to confirm is why the orange config and blue configs, which both used OpenSSL on the C* side, show a difference in gc'd mb. It could be that the TLS version or cipher negotiated may have been different between using jdk ssl and openssl in the driver. I've seen in the past that I can get better throughput with 1.1 vs 1.2. I'll do a packet trace soon to confirm everything in consistent between the configurations. > Support netty openssl (netty-tcnative) for client encryption > > > Key: CASSANDRA-10735 > URL: https://issues.apache.org/jira/browse/CASSANDRA-10735 > Project: Cassandra > Issue Type: Improvement >Reporter: Andy Tolbert > Fix For: 3.x > > Attachments: nettyssl-bench.tgz, nettysslbench.png, > nettysslbench_small.png > > > The java-driver recently added support for using netty openssl via > [netty-tcnative|http://netty.io/wiki/forked-tomcat-native.html] in > [JAVA-841|https://datastax-oss.atlassian.net/browse/JAVA-841], this shows a > very measured improvement (numbers incoming on that ticket). It seems > likely that this can offer improvement if implemented C* side as well. > Since netty-tcnative has platform specific requirements, this should not be > made the default, but rather be an option that one can use. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
