Enable OpenJSSE and TLS 1.3

Add OpenJSSE to allow the use of TLS 1.3 for encrypted data transmission.

Written by Adam Pavlacka

Last published at: March 2nd, 2022

Queries and transformations are encrypted before being sent to your clusters. By default, the data exchanged between worker nodes in a cluster is not encrypted.

If you require that data is encrypted at all times, you can encrypt traffic between cluster worker nodes using AES 128 over a TLS 1.2 connection.

In some cases, you may want to use TLS 1.3 instead of TLS 1.2 because it allows for stronger ciphers.

To use TLS 1.3 on your clusters, you must enable OpenJSSE in the cluster’s Apache Spark configuration.

  1. Add spark.driver.extraJavaOptions -XX:+UseOpenJSSE to your Spark Config.
  2. Restart your cluster.

OpenJSSE and TLS 1.3 are now enabled on your cluster and can be used in notebooks.
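
To confirm the change took effect after the restart, the following Scala notebook cell inspects the driver JVM. It is an added example, not part of the original article, and uses only standard Java APIs. It assumes the OpenJSSE provider registers itself under the name "OpenJSSE".

```scala
import java.lang.management.ManagementFactory
import javax.net.ssl.SSLContext
import scala.collection.JavaConverters._
import scala.util.Try

// JVM flags the driver was actually started with (after the restart in step 2).
val jvmArgs = ManagementFactory.getRuntimeMXBean.getInputArguments.asScala
val flagPresent = jvmArgs.contains("-XX:+UseOpenJSSE")

// SSLContext.getInstance throws NoSuchAlgorithmException when no registered
// provider implements TLSv1.3, so the lookup is wrapped in Try.
val tls13Context = Try(SSLContext.getInstance("TLSv1.3"))

// Name of the provider that served the TLSv1.3 context.
// Assumption: OpenJSSE reports the provider name "OpenJSSE".
val providerName = tls13Context.map(_.getProvider.getName).getOrElse("none")

// A context must be initialised before its parameters can be read;
// init(null, null, null) selects the default key managers, trust managers and RNG.
val tls13Suites = tls13Context.map { ctx =>
  ctx.init(null, null, null)
  ctx.getSupportedSSLParameters.getCipherSuites.toSeq
    // TLS 1.3 suite names carry no key-exchange part, e.g. TLS_AES_256_GCM_SHA384.
    .filter(s => s.startsWith("TLS_AES_") || s.startsWith("TLS_CHACHA20_"))
}.getOrElse(Seq.empty)

println(s"-XX:+UseOpenJSSE passed to driver JVM: $flagPresent")
println(s"TLSv1.3 context available:            ${tls13Context.isSuccess}")
println(s"Provider serving TLSv1.3:             $providerName")
println(s"TLS 1.3 cipher suites:                ${tls13Suites.mkString(", ")}")

// Fail the cell loudly if the cluster cannot negotiate TLS 1.3 at all.
require(flagPresent, "Driver JVM was not started with -XX:+UseOpenJSSE; check the Spark Config and restart.")
require(tls13Context.isSuccess && tls13Suites.nonEmpty, "No TLSv1.3 support found in the driver JVM.")
```

The cell checks only the driver JVM, which is where the `spark.driver.extraJavaOptions` setting from step 1 applies.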