[
https://issues.apache.org/jira/browse/CASSANDRA-18624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17747207#comment-17747207
]
Jordan West edited comment on CASSANDRA-18624 at 7/26/23 3:04 PM:
------------------------------------------------------------------
My thoughts:
* Shipping it even if not the default is better than not shipping it at all. At
least then those who determine its safe can opt-in to the performance benefit
* Shipping it on by default would be preferred because ideally we are safer and
faster out of the box. However, I wouldn't do this at the cost of breaking
upgrades. The few upgrades I would see as acceptable to break are ones where
the cluster is highly configured (e.g. the user tuned the algorithms in a
non-standard way we don't document or recommend). In those cases I think the
user will be responsible for ensuring the upgrade doesn't break (we have to do
this internally for example in a few places).
My understanding is *if* ACCP doesn't implement something the priority list
causes a fallback to the JRE implementation. But it *prefers* ACCP.
We've also been running ACCP in production for years without issue. We did
notice a performance impact immediately when trying to deploy 4.1 without it.
Its evident in the graph shared in the ticket and in flame graphs we took.
was (Author: jrwest):
My thoughts:
* Shipping it even if not the default is better than not shipping it at all. At
least then those who determine its safe can opt-in to the performance benefit
* Shipping it on by default would be preferred because ideally we are safer and
faster out of the box. However, I wouldn't do this at the cost of breaking
upgrades. The few upgrades I would see as acceptable to break are ones where
the cluster is highly configured (e.g. the user tuned the algorithms in a
non-standard way we don't document or recommend). In those cases I think the
user will be responsible for ensuring the upgrade doesn't break (we have to do
this internally for example in a few places).
My understanding is *if* ACCP doesn't implement something the priority list
causes a fallback to the JRE implementation. But it *prefers* ACCP.
> Make Corretto Crypto Provider the Default
> -----------------------------------------
>
> Key: CASSANDRA-18624
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18624
> Project: Cassandra
> Issue Type: Improvement
> Components: Dependencies
> Reporter: Jordan West
> Assignee: Ayushi Singh
> Priority: Normal
> Fix For: 5.x
>
> Attachments: image.png
>
> Time Spent: 28h
> Remaining Estimate: 0h
>
> [Amazon Corretto Crypto Provider|
> https://github.com/corretto/amazon-corretto-crypto-provider] is an
> alternative provider of TLS and cryptographic functions that has significant
> performance benefits for Cassandra. It is Apache 2.0 licensed and has been
> deployed in several existing large fleets.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
