[jira] [Commented] (CASSANDRA-18624) Make Corretto Crypto Provider the Default

[Stefan Miklosovic (Jira)]

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-18624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17746642#comment-17746642
 ] 

Stefan Miklosovic commented on CASSANDRA-18624:
-----------------------------------------------

Thank you for the review, [~mmuzaf] . I have accommodated the patch to include 
some for your suggestions.

However, this comment is particularly haunting me (1). This is somehow 
tangential to what I was discussing with [~jwest]  privately. This would not be 
an issue if we were sure that Amazon Corretto is EXACTLY same as default crypto 
provider in JRE. If it was, there is nothing to be afraid of to make this 
provider the default one.

However, as I understand it, Corretto is a {_}subset{_}, when it comes to 
functionality. I do not think that it is on par with JRE. So, if we made it 
default, is not it true that there might be a user who is using cipher / 
protocol which is not supported by Corretto? That being said, it is not 
necessarilly true that the upgrade would be flawless.

If this all hold,s I think that making this a default is not a good idea. We 
should default to what is in JRE and people are welcome to configure that.

I think that safety beats the comfort and performance "be damned" if it means 
that I am sure the upgrade will perform without errors. 

(1) https://github.com/apache/cassandra/pull/2505/files#r1272356448

> Make Corretto Crypto Provider the Default
> -----------------------------------------
>
>                 Key: CASSANDRA-18624
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18624
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Dependencies
>            Reporter: Jordan West
>            Assignee: Ayushi Singh
>            Priority: Normal
>             Fix For: 5.x
>
>         Attachments: image.png
>
>          Time Spent: 27h 40m
>  Remaining Estimate: 0h
>
> [Amazon Corretto Crypto Provider| 
> https://github.com/corretto/amazon-corretto-crypto-provider] is an 
> alternative provider of TLS and cryptographic functions that has significant 
> performance benefits for Cassandra. It is Apache 2.0 licensed and has been 
> deployed in several existing large fleets. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org