[GEODE-8349] reinstate use of SSLSocket for cluster communication - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: membership, messaging
Labels:
- no-release-note
- pull-request-available

Description

We've found problems with "new IO"'s SSLEngine with respect to support for TLSV1. We've also seen anomalous performance using that secure communications mechanism. The introduction of the use of the "new IO" SSLEngine was originally to 1) reduce code complexity in the org.apache.geode.internal.tcp package and 2) to set the stage for its use in client/server communications so that selectors could be used in c/s communications.

This ticket aims to reintroduce the use of SSLSocket in cluster communications without restoring the old, poorly tested SSL code paths. The new implementation should have as good or better performance than the previous"old IO" implementation and the more recent "new IO" SSLEngine implementation as well. This should be apparent in the CI benchmark jobs.