[ https://issues.apache.org/jira/browse/CASSANDRA-17812?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Josh McKenzie updated CASSANDRA-17812: -------------------------------------- Test and Documentation Plan: New unit testing Status: Patch Available (was: Open) > Rate-limit new client connection setup to avoid overwhelming bcrypt > ------------------------------------------------------------------- > > Key: CASSANDRA-17812 > URL: https://issues.apache.org/jira/browse/CASSANDRA-17812 > Project: Cassandra > Issue Type: Improvement > Components: Feature/Encryption > Reporter: Josh McKenzie > Assignee: Josh McKenzie > Priority: Normal > > A flood of reconnects can cause a ton of pain at the bcrypt phase of > validating incoming connections. While this shouldn't happen during normal > operations, we need a rate limit server side - if there's a bad client out > there (version and/or configuration) that misbehaves, a way to cap the pain > on a server is quite useful. Right now the only option is to cap the total > connections which has other issues that aren't an ideal tradeoff (inability > to connect, etc). > Moving authentication requests to a small, separate pool will prevent > starvation handling all other requests. If the authExecutor pool backs up it > may cause authentication timeouts, but the clients should back off and retry > while the rest of the system continues to make progress. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org