[jira] [Updated] (KUDU-3133) Poor TLS cypher performance on Java 8

Wed, 13 Jan 2021 07:32:09 -0800 


     [ 
https://issues.apache.org/jira/browse/KUDU-3133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Grant Henke updated KUDU-3133:
------------------------------
    Affects Version/s: 1.7.0

> Poor TLS cypher performance on Java 8
> -------------------------------------
>
>                 Key: KUDU-3133
>                 URL: https://issues.apache.org/jira/browse/KUDU-3133
>             Project: Kudu
>          Issue Type: Bug
>          Components: perf, security
>    Affects Versions: 1.7.0
>            Reporter: Grant Henke
>            Assignee: wangningito
>            Priority: Major
>
> It was reported a while back that Kudu TLS doesn't perform well on Java 8 due 
> to a potential GCM cypher bug or bad selection via `PREFERRED_CIPHER_SUITES`. 
> It would be good to get to the bottom of this and fix it or document the 
> recommendation to use Java 11.
> Here was the observed impact:
> {code}
> ./bin/ycsb run kudu -P workloads/workloadc -p operationcount=100000000 
> -threads 64 -p kudu_num_clients=16 -s -p fieldlength=10000 -p 
> kudu_table_num_replicas=1
> java 7u75 with master:
>   0205 11:18:48.647920 (+    28us) server_negotiation.cc:581] Negotiated 
> TLSv1 with cipher AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
>   ~12k rows/sec
> java 8_141 with master:
>   0205 11:17:45.977107 (+    31us) server_negotiation.cc:581] Negotiated 
> TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA 
> Enc=AESGCM(256) Mac=AEAD
>   6k rows/sec
> java 8_141 with GCM-based codecs removed from Negotiator.java
>   0205 11:25:33.268689 (+    40us) server_negotiation.cc:581] Negotiated 
> TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA 
> Enc=AES(256) Mac=SHA384
>   ~6k rows/sec
> java 8_141 with only AES256-SHA remaining in Negotiator.java: 
> "TLS_RSA_WITH_AES_256_CBC_SHA" )
> 0205 11:32:07.674860 (+    44us) server_negotiation.cc:581] Negotiated 
> TLSv1.2 with cipher AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
>   ~9.5k rows/sec
> java 11 with master:
>   0205 11:17:01.416066 (+    41us) server_negotiation.cc:581] Negotiated 
> TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA 
> Enc=AESGCM(256) Mac=AEAD
>   ~19k rows/sec
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to