Configuring Native TLS Acceleration

For ADLS Gen2, TLS is enabled by default using the Java implementation of TLS. For better performance, you can use the native OpenSSL implementation of TLS.

Perform the following steps to use the native OpenSSL implementation of TLS:

  1. Verify the location of the OpenSSL libraries on the hosts with the following command:
    whereis libssl
  2. In the Cloudera Manager Admin Console, search for the following property: Gateway Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh.
  3. Add the following parameter to the property:
    HADOOP_OPTS="-Dorg.wildfly.openssl.path=<path to OpenSSL libraries> ${HADOOP_OPTS}"
    For example, if the OpenSSL libraries are in /usr/lib64, add the following parameter:
    HADOOP_OPTS="-Dorg.wildfly.openssl.path=/usr/lib64 ${HADOOP_OPTS}"
    
  4. Save the change.
  5. Search for the following property: HDFS Client Environment Advanced Configuration Snippet (Safety Valve) for hadoop-env.sh.
  6. Add the following parameter to the property:
    HADOOP_OPTS="-Dorg.wildfly.openssl.path=<path to OpenSSL libraries> ${HADOOP_OPTS}"
    For example, if the OpenSSL libraries are in /usr/lib64, add the following parameter:
    HADOOP_OPTS="-Dorg.wildfly.openssl.path=/usr/lib64 ${HADOOP_OPTS}"
  7. Save the change.
  8. Restart the stale services.
  9. Deploy the client configurations.
  10. Verify that you configured native TLS acceleration successfully by running the following command from any host in the cluster:
    hadoop fs -ls abfss://<container>@<account>.dfs.core.windows.net/
    
    A message similar to the following should appear:
    org.wildfly.openssl.SSL init
    INFO: WFOPENSSL0002 OpenSSL Version OpenSSL 1.0.1e-fips 11 Feb 2013
    
    The message may differ slightly depending on your operating system and OpenSSL version.
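
The checks in steps 1, 3 and 10 can be scripted. The following is an added example, not part of the original procedure or of the product's tooling: the function names are hypothetical, the sample strings are constructed from the values shown above, and the libcrypto check assumes that libssl needs libcrypto beside it.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample strings are constructed.

# Print the directory passed to -Dorg.wildfly.openssl.path in a HADOOP_OPTS value.
openssl_path_from_opts() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        sed -n 's/^-Dorg\.wildfly\.openssl\.path=//p' | head -n 1
}

# Return 0 only if the directory holds libssl and libcrypto shared objects.
# Assumption: libssl needs libcrypto next to it, so both are checked.
has_openssl_libs() {
    _ssl=0; _crypto=0
    for _f in "$1"/libssl.so*; do
        if [ -e "$_f" ]; then _ssl=1; fi
    done
    for _f in "$1"/libcrypto.so*; do
        if [ -e "$_f" ]; then _crypto=1; fi
    done
    [ "$_ssl" -eq 1 ] && [ "$_crypto" -eq 1 ]
}

# Print the OpenSSL version from the WFOPENSSL0002 line in captured output of
# the step 10 command; return 1 if that line is missing.
native_tls_version() {
    _ver=$(printf '%s\n' "$1" |
        sed -n 's/^.*WFOPENSSL0002 OpenSSL Version //p' | head -n 1)
    [ -n "$_ver" ] || return 1
    printf '%s\n' "$_ver"
}

# Constructed inputs: the example value from step 3 and the message from step 10.
# On a host, capture the real output of the step 10 command with 2>&1 appended.
SAMPLE_OPTS='-Dorg.wildfly.openssl.path=/usr/lib64 ${HADOOP_OPTS}'
SAMPLE_OUTPUT='org.wildfly.openssl.SSL init
INFO: WFOPENSSL0002 OpenSSL Version OpenSSL 1.0.1e-fips 11 Feb 2013'

lib_dir=$(openssl_path_from_opts "$SAMPLE_OPTS")
if has_openssl_libs "$lib_dir"; then
    echo "OK: libssl and libcrypto found in $lib_dir"
else
    echo "WARN: libssl/libcrypto not found in $lib_dir"
fi
if version=$(native_tls_version "$SAMPLE_OUTPUT"); then
    echo "OK: native TLS initialized with $version"
else
    echo "WARN: WFOPENSSL0002 message not seen"
fi
```

The version string printed is that of the OpenSSL library on the host, so it is worth recording per host when you run the check.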