Performance with Enabling encryption on Shield

security

(shashank) #1

Hi,
i am interested to know the performance hit caused on enabling encryption with shield.
I wanted to fine tune few parameters before taking performance numbers.

Any suggestions on configurations of security protocols for better performance. I have some questions in particular

  1. How does Shield does encryption at the backend ? JDK SSL or OPEN SSL ?
  2. Which cipher suites should be used for better performance ?
  3. Is the performance dependent on java version or JCE or other stuff ?
  4. are there any benchmarks ES has on enabling encryption

Thanks


(Jay Modi) #2

Shield only uses the JDK SSLEngine.

I think you should consider security of the ciphers and prioritize that over performance. For example RC4 ciphers might be faster but it is widely considered insecure.

Performance of SSL will be dependent on Java version and the JCE provider. Some providers delegate to native libraries like NSS and this will often yield better performance.

We do not provide benchmarks as these will depend greatly on your JDK and hardware. The Rally tool can be used to test performance against a cluster running elasticsearch with shield/xpack security.

I think you are better off taking baseline numbers before changing any parameters; you may wind up with a slower configuration than the default if you do not.


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.