Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-3133

Poor TLS cypher performance on Java 8

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: perf, security
    • Labels:
      None

      Description

      It was reported a while back that Kudu TLS doesn't perform well on Java 8 due to a potential GCM cypher bug or bad selection via `PREFERRED_CIPHER_SUITES`. It would be good to get to the bottom of this and fix it or document the recommendation to use Java 11.

      Here was the observed impact:

      ./bin/ycsb run kudu -P workloads/workloadc -p operationcount=100000000 -threads 64 -p kudu_num_clients=16 -s -p fieldlength=10000 -p kudu_table_num_replicas=1
      java 7u75 with master:
        0205 11:18:48.647920 (+    28us) server_negotiation.cc:581] Negotiated TLSv1 with cipher AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
        ~12k rows/sec
      java 8_141 with master:
        0205 11:17:45.977107 (+    31us) server_negotiation.cc:581] Negotiated TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
        6k rows/sec
      java 8_141 with GCM-based codecs removed from Negotiator.java
        0205 11:25:33.268689 (+    40us) server_negotiation.cc:581] Negotiated TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
        ~6k rows/sec
      java 8_141 with only AES256-SHA remaining in Negotiator.java: "TLS_RSA_WITH_AES_256_CBC_SHA" )
      0205 11:32:07.674860 (+    44us) server_negotiation.cc:581] Negotiated TLSv1.2 with cipher AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
        ~9.5k rows/sec
      java 11 with master:
        0205 11:17:01.416066 (+    41us) server_negotiation.cc:581] Negotiated TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
        ~19k rows/sec
      

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              granthenke Grant Henke
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: