4. Data Transfer Protocol

The NameNode gives the client the address of the first Data Node to read or write the block. The actual data transfer between the client and the DataNode is over Hadoop's Data Transfer Protocol. To encrypt this protocol you must set dfs.encryt.data.transfer=true on the NameNode and all DataNodes. The actual algorithm used for encryption can be customized with dfs.encrypt.data.transfer.algorithm set to either "3des" or "rc4". If nothing is set, then the default on the system is used (usually 3DES.) While 3DES is more cryptographically secure, RC4 is substantially faster.