(spark) branch master updated: [SPARK-45911][CORE] Make TLS1.3 the default for RPC SSL

Tue, 14 Nov 2023 09:51:01 -0800 

This is an automated email from the ASF dual-hosted git repository.

mridulm80 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git


The following commit(s) were added to refs/heads/master by this push:
     new f8ccf20360df [SPARK-45911][CORE] Make TLS1.3 the default for RPC SSL
f8ccf20360df is described below

commit f8ccf20360dfc5f8f7152d4b8588af680c5a988e
Author: Hasnain Lakhani <hasnain.lakh...@databricks.com>
AuthorDate: Tue Nov 14 11:49:01 2023 -0600

    [SPARK-45911][CORE] Make TLS1.3 the default for RPC SSL
    
    ### What changes were proposed in this pull request?
    
    As title. I think we should encourage a safer default. This also makes it 
easier for FedRAMP compliance guidelines coming up on Jan 1, as users would not 
need to do additional configuration to enable TLS1.3.
    
    ### Why are the changes needed?
    
    This improves a default setting for better security and improved 
performance.
    
    ### Does this PR introduce _any_ user-facing change?
    
    No
    
    ### How was this patch tested?
    
    existing CI tests
    
    I ran with logs enabled and verified that handshakes are now TLS1.3 where 
they previously were TLS1.2
    
    ### Was this patch authored or co-authored using generative AI tooling?
    
    No
    
    Closes #43803 from hasnain-db/tls13.
    
    Authored-by: Hasnain Lakhani <hasnain.lakh...@databricks.com>
    Signed-off-by: Mridul Muralidharan <mridul<at>gmail.com>
---
 .../src/main/java/org/apache/spark/network/ssl/SSLFactory.java          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/common/network-common/src/main/java/org/apache/spark/network/ssl/SSLFactory.java
 
b/common/network-common/src/main/java/org/apache/spark/network/ssl/SSLFactory.java
index fc03dba617f7..dc5af4639dad 100644
--- 
a/common/network-common/src/main/java/org/apache/spark/network/ssl/SSLFactory.java
+++ 
b/common/network-common/src/main/java/org/apache/spark/network/ssl/SSLFactory.java
@@ -175,7 +175,7 @@ public class SSLFactory {
      * @return The builder object
      */
     public Builder requestedProtocol(String requestedProtocol) {
-      this.requestedProtocol = requestedProtocol == null ? "TLSv1.2" : 
requestedProtocol;
+      this.requestedProtocol = requestedProtocol == null ? "TLSv1.3" : 
requestedProtocol;
       return this;
     }
 


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@spark.apache.org
For additional commands, e-mail: commits-h...@spark.apache.org

Reply via email to