This is an automated email from the ASF dual-hosted git repository. mridulm80 pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push: new f8ccf20360df [SPARK-45911][CORE] Make TLS1.3 the default for RPC SSL f8ccf20360df is described below commit f8ccf20360dfc5f8f7152d4b8588af680c5a988e Author: Hasnain Lakhani <hasnain.lakh...@databricks.com> AuthorDate: Tue Nov 14 11:49:01 2023 -0600 [SPARK-45911][CORE] Make TLS1.3 the default for RPC SSL ### What changes were proposed in this pull request? As title. I think we should encourage a safer default. This also makes it easier for FedRAMP compliance guidelines coming up on Jan 1, as users would not need to do additional configuration to enable TLS1.3. ### Why are the changes needed? This improves a default setting for better security and improved performance. ### Does this PR introduce _any_ user-facing change? No ### How was this patch tested? existing CI tests I ran with logs enabled and verified that handshakes are now TLS1.3 where they previously were TLS1.2 ### Was this patch authored or co-authored using generative AI tooling? No Closes #43803 from hasnain-db/tls13. Authored-by: Hasnain Lakhani <hasnain.lakh...@databricks.com> Signed-off-by: Mridul Muralidharan <mridul<at>gmail.com> --- .../src/main/java/org/apache/spark/network/ssl/SSLFactory.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/network-common/src/main/java/org/apache/spark/network/ssl/SSLFactory.java b/common/network-common/src/main/java/org/apache/spark/network/ssl/SSLFactory.java index fc03dba617f7..dc5af4639dad 100644 --- a/common/network-common/src/main/java/org/apache/spark/network/ssl/SSLFactory.java +++ b/common/network-common/src/main/java/org/apache/spark/network/ssl/SSLFactory.java @@ -175,7 +175,7 @@ public class SSLFactory { * @return The builder object */ public Builder requestedProtocol(String requestedProtocol) { - this.requestedProtocol = requestedProtocol == null ? "TLSv1.2" : requestedProtocol; + this.requestedProtocol = requestedProtocol == null ? "TLSv1.3" : requestedProtocol; return this; } --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org For additional commands, e-mail: commits-h...@spark.apache.org