[ 
https://issues.apache.org/jira/browse/HADOOP-9820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13732752#comment-13732752
 ] 

Luke Lu commented on HADOOP-9820:
---------------------------------

bq. Client and server are using mismatched ciphers.

That should not happen after the SASL negotiation is done. Given that even a 
timing difference can leak information, we should not even tell a potentially 
adversarial client the fact that unwrap failed. We should log the exception at 
the server side for debugging purposes and close the connection after waiting 
for a random interval.

bq. That's the spec default if the buffer size isn't negotiated so it can't be 
a configurable option.

It needs to be a constant (with a pointer to the RFC) instead of literals for 
future maintenance.


                
> RPCv9 wire protocol is insufficient to support multiplexing
> -----------------------------------------------------------
>
>                 Key: HADOOP-9820
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9820
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: ipc, security
>    Affects Versions: 3.0.0, 2.1.0-beta
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HADOOP-9820.patch
>
>
> RPCv9 is intended to allow future support of multiplexing.  This requires all 
> wire messages to be tagged with a RPC header so a demux can decode and route 
> the messages accordingly.
> RPC ping packets and SASL QOP wrapped data are known to not be tagged with a 
> header.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
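
The unwrap-failure handling proposed in the comment above, sketched as an added example (not part of the original message and not Hadoop's own code): the failure is logged only on the server, nothing is written back to the peer, and the connection is closed after a random delay. The class name, method names and delay bounds are assumptions made for illustration.

```java
import java.io.Closeable;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

/** Hypothetical helper for illustration; not taken from Hadoop's ipc code. */
public final class QuietSaslUnwrap {
  private static final Logger LOG = Logger.getLogger(QuietSaslUnwrap.class.getName());
  private static final SecureRandom RNG = new SecureRandom();
  // Assumed bounds for the close delay; the comment does not specify values.
  private static final int MIN_DELAY_MS = 50;
  private static final int MAX_DELAY_MS = 500;
  // Closing on a timer thread keeps RPC handler threads from sleeping.
  private static final ScheduledExecutorService CLOSER =
      Executors.newSingleThreadScheduledExecutor(r -> {
        Thread t = new Thread(r, "sasl-delayed-close");
        t.setDaemon(true);
        return t;
      });

  /**
   * Returns the unwrapped payload, or null if unwrap failed. On failure no
   * error response is sent: the cause is logged locally and the connection is
   * closed after a random delay. The caller must stop reading from conn.
   */
  public static byte[] unwrapOrDrop(SaslServer sasl, byte[] token,
                                    Closeable conn, String peer) {
    try {
      return sasl.unwrap(token, 0, token.length);
    } catch (SaslException | IllegalStateException e) {
      // IllegalStateException: negotiation incomplete or no QOP negotiated.
      LOG.log(Level.WARNING, "SASL unwrap failed for " + peer, e);
      long delay = MIN_DELAY_MS + RNG.nextInt(MAX_DELAY_MS - MIN_DELAY_MS + 1);
      CLOSER.schedule(() -> closeQuietly(conn), delay, TimeUnit.MILLISECONDS);
      return null;
    }
  }

  private static void closeQuietly(Closeable conn) {
    try {
      conn.close();
    } catch (IOException ignored) {
      // The connection is being discarded; nothing further to report.
    }
  }
}
```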