If you test with Java 9 please make sure to use an accelerated cipher suite (e.g. one that uses AES GCM such as TLS_RSA_WITH_AES_128_GCM_SHA256).
Radu On Mon, Oct 30, 2017 at 1:49 PM, Jaikiran Pai <jai.forums2...@gmail.com> wrote: > I haven't yet had a chance to try out Java 9, but that's definitely on my > TODO list, maybe sometime this weekend. > > Thanks for pointing me to KAFKA-2561. I had missed that. > > -Jaikiran > > > > On 30/10/17 4:17 PM, Mickael Maison wrote: > >> Thanks for sharing, very interesting read. >> >> Did you get a chance to try JDK 9 ? >> >> We also considered using OpenSSL instead of JSSE especially since >> Netty made an easy to re-use package (netty-tcnative). >> >> There was KAFKA-2561 >> (https://issues.apache.org/jira/browse/KAFKA-2561) where people shared >> a few numbers and what would be need to get it working. >> >> On Mon, Oct 30, 2017 at 8:08 AM, Jaikiran Pai <jai.forums2...@gmail.com> >> wrote: >> >>> We have been using Kafka in some of our projects for the past couple of >>> years. Our experience with Kafka and SSL had shown some performance >>> issues >>> when we had seriously tested it (which admittedly was around a year >>> back). >>> Our basic tests did show that things had improved over time with newer >>> versions, but we didn't get a chance to fully test and move to SSL for >>> Kafka. >>> >>> Incidentally, I happened to be looking into some other things related to >>> SSL >>> and decided to experiment with using openssl as the SSL provider for >>> Kafka. >>> I had heard OpenSSL performs better than the engine shipped default in >>> JRE, >>> but hadn't ever got a chance to do any experiments. This past few weeks, >>> I >>> decided to spend some time trying it. I have noted the experimentation >>> and >>> the performance numbers in my blog[1]. The initial basic performance >>> testing >>> (using the scripts shipped in Kafka) does show promising improvements. >>> Like >>> I note in my blog, this was a very basic performance test just to see if >>> OpenSSL can be pursued as an option (both in terms of being functional >>> and >>> performant) if we do decide to. >>> >>> I know some of the members in these lists do extensive performance >>> testing >>> with Kafka (and SSL), so I thought I will bring this to their notice. >>> >>> [1] https://jaitechwriteups.blogspot.com/2017/10/kafka-with-openssl.html >>> >>> -Jaikiran >>> >>> >
