Hi

We recently updated Jetty to 9.4.20 (HADOOP-16152
<https://issues.apache.org/jira/browse/HADOOP-16152>). According to the
Jetty release note
(https://www.eclipse.org/lists/jetty-announce/msg00124.html), Jetty 9.4.12
and above supports TLS 1.3. (I believe JDK 11.0.3 or above is required:
https://webtide.com/openjdk-11-and-tls-1-3-issues/
https://campustechnology.com/articles/2018/09/27/jdk-11-adds-support-for-tls-1.3-and-http2.aspx)

I had a quick check and it appears it only requires:
hadoop.ssl.enabled.protocols = TLSv1.3

TLSv1.3 introduces new cipher suites () and legacy cipher suites are no
longer accepted.

Supported cipher suites in TLS 1.3:
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384

Fortunately, we use an exclude list rather than an accept list in Hadoop to
select ciphers, so we don't really need to change the cipher suite list in
the configuration.

I tried JDK 1.8.221 and JDK 11.0.5; the former failed and the latter
succeeded. So it looks like JDK 11 is required (not sure if it's because of
the server or the client).

I am not familiar with the SSL connection in the cloud connectors, so I am
not sure if this applies to them (or if cloud storage providers support
TLS 1.3 at all).

Has anyone tried TLS 1.3 with Hadoop, and do you see the improved
performance as stated in
https://www.ssl.com/article/tls-1-3-is-here-to-stay/?

Cheers,
Wei-Chiu
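
A quick way to repeat the JDK check described in the message above, as an added example (not part of the original email and not Hadoop code): it reports whether the running JVM offers TLSv1.3 and whether the two TLS 1.3 suites listed above survive an exclude-list filter. The class name, the helper method and the sample exclude list are constructed assumptions.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

// Added example, not Hadoop code. Run it with the same JDK that runs the daemon or client.
public class Tls13Check {
    // Constructed sample exclude list of legacy suites, in comma-separated form.
    static final String EXCLUDE =
        "TLS_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA";

    // The two TLS 1.3 suites named in the message.
    static final String[] TLS13_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"};

    // Exclude-list model: everything the JVM supports stays unless it is named in the list.
    static List<String> applyExcludeList(String[] supported, String excludeCsv) {
        Set<String> excluded = new HashSet<>();
        for (String s : excludeCsv.split(",")) {
            excluded.add(s.trim());
        }
        List<String> kept = new ArrayList<>();
        for (String s : supported) {
            if (!excluded.contains(s)) {
                kept.add(s);
            }
        }
        return kept;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        SSLParameters supported = SSLContext.getDefault().getSupportedSSLParameters();

        // A JVM without TLS 1.3 support does not list the protocol here at all.
        boolean tls13 = Arrays.asList(supported.getProtocols()).contains("TLSv1.3");
        System.out.println("TLSv1.3 supported by this JVM: " + tls13);
        if (!tls13) {
            System.out.println("Enabling only TLSv1.3 would leave no usable protocol on this JVM.");
            System.exit(1);
        }

        // New suite names are untouched by a list that only names legacy suites.
        List<String> kept = applyExcludeList(supported.getCipherSuites(), EXCLUDE);
        for (String suite : TLS13_SUITES) {
            System.out.println(suite + " available after exclude list: " + kept.contains(suite));
        }
    }
}
```

Running it under each JDK in turn shows which side of a connection lacks TLS 1.3 support before any Hadoop configuration is changed.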
