[ https://issues.apache.org/jira/browse/HBASE-16414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15593720#comment-15593720 ]
Colin Ma commented on HBASE-16414: ---------------------------------- [~devaraj], for the different configuration in server/client, the unit test is added in TestSecureIPC.testDifferentConfWithCryptoAES(). For the different version of server/client, actually, it's about the compatibility of protobuf, I also tested it in my local. The following table is the description for these situations: || ||Server side || Client side || Action|| |Case1 | disable AES(without the feature) | enable AES(with the feature) | Client will send the request to Server for connection header negotiation, but Server won't response. Client will throw the exception for timeout at last| |Case2 | enable AES(with the feature) | disable AES(without the feature) | Client won't send the request to Server for connection header negotiation, no negotiation happen| > Improve performance for RPC encryption with Apache Common Crypto > ---------------------------------------------------------------- > > Key: HBASE-16414 > URL: https://issues.apache.org/jira/browse/HBASE-16414 > Project: HBase > Issue Type: Improvement > Components: IPC/RPC > Affects Versions: 2.0.0 > Reporter: Colin Ma > Assignee: Colin Ma > Attachments: HBASE-16414.001.patch, HBASE-16414.002.patch, > HBASE-16414.003.patch, HBASE-16414.004.patch, HBASE-16414.005.patch, > HBASE-16414.006.patch, HBASE-16414.007.patch, HBASE-16414.008.patch, > HBASE-16414.009.patch, HbaseRpcEncryptionWithCrypoto.docx > > > Hbase RPC encryption is enabled by setting “hbase.rpc.protection” to > "privacy". With the token authentication, it utilized DIGEST-MD5 mechanisms > for secure authentication and data protection. For DIGEST-MD5, it uses DES, > 3DES or RC4 to do encryption and it is very slow, especially for Scan. This > will become the bottleneck of the RPC throughput. > Apache Commons Crypto is a cryptographic library optimized with AES-NI. It > provides Java API for both cipher level and Java stream level. Developers can > use it to implement high performance AES encryption/decryption with the > minimum code and effort. Compare with the current implementation of > org.apache.hadoop.hbase.io.crypto.aes.AES, Crypto supports both JCE Cipher > and OpenSSL Cipher which is better performance than JCE Cipher. User can > configure the cipher type and the default is JCE Cipher. -- This message was sent by Atlassian JIRA (v6.3.4#6332)