On Wed, Jun 15, 2016 at 11:52 AM, Jay Wren <jay.w...@canonical.com> wrote:
> On Tue, Jun 14, 2016 at 5:50 PM, Charles Butler < > charles.but...@canonical.com> wrote: > >> - There is currently no way to disable TLS wrapped endpoints on Etcd (we >> want to keep our coordination data secure don't we?) >> >> > For our use case, we consider the overhead of establishing a new TLS > connection for every read or write to be heavier weight than we wish for > our etcd clients. We trust the network on which we run and we aren't > getting and setting any sensitive data. > > I value speed. I would continue to use a previous version of the charm. > Etcd really doesn't handle a high volume of writes anyway though. The overhead of a TLS handshake can be minimal, it just depends on the algorithm & key lengths used. This should be configurable in the layer, I think. EC and 2048-bit RSA have reasonable handshake times. 4096-bit RSA for TLS server keys is really slow though, I've seen handshakes on the order of seconds when benchmarking. > -- > Jay > > > -- > Juju mailing list > Juju@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/juju > >
-- Juju mailing list Juju@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju