[
https://issues.apache.org/jira/browse/HADOOP-12816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Wei-Chiu Chuang updated HADOOP-12816:
-------------------------------------
Status: Patch Available (was: Open)
submit the patch for testing.
> Log cipher suite negotiation more verbosely
> -------------------------------------------
>
> Key: HADOOP-12816
> URL: https://issues.apache.org/jira/browse/HADOOP-12816
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Wei-Chiu Chuang
> Assignee: Wei-Chiu Chuang
> Labels: encryption, supportability
> Attachments: HADOOP-12816.001.patch
>
>
> We've had difficulty probing the root cause of performance slowdown with
> in-transit encryption using AES-NI. We finally found the root cause was the
> Hadoop client did not configure encryption properties correctly, so they did
> not negotiate AES cipher suite when creating an encrypted stream pair,
> despite the server (a data node) supports it. Existing debug message did not
> help. We saw debug message "Server using cipher suite AES/CTR/NoPadding" on
> the same data node, but that refers to the communication with other data
> nodes.
> It would be really helpful to log a debug message if a SASL server configures
> AES cipher suite, but the SASL client doesn't, or vice versa. This debug
> message should also log the client address to differentiate it from other
> stream pairs.
> More over, the debug message "Server using cipher suite AES/CTR/NoPadding"
> should also be extended to include the client's address.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
