Hi Todd, Thanks for sharing your experience enabling TLS in your clusters. Very helpful. One comment below.
On Sun, Sep 4, 2016 at 6:28 PM, Todd Palino <tpal...@gmail.com> wrote: > > Right now, we're specifically avoiding moving consume traffic to SSL, due > to the zero copy send issue. Now I've been told (but I have not > investigated) that OpenSSL can solve this. It would probably be a good use > of time to look into that further. > As far as I know, OpenSSL can reduce the TLS overhead, but we will still lose the zero-copy optimisation. There is some attempts at making it possible to retain zero-copy with TLS in the kernel[1][2], but it's probably too early for us to consider that for Kafka. Ismael [1] https://lwn.net/Articles/666509/ [2] http://techblog.netflix.com/2016/08/protecting-netflix-viewing-privacy-at.html
