How to downgrade from TLS 1.3 to 1.2 in Azure Databricks env

_peteg_ 0 Reputation points
2024-11-12T11:07:44.1933333+00:00

Hi,

As part of troubleshooting a current intermittent issue with connecting to an external API, I am being asked to downgrade the TLS version from 1.3 to 1.2.

I am running a python notebook in our Azure Databricks environment and believe that TLS 1.3 is the default version - but how to change that (temporarily for testing and/or permanently)?

I believe it is currently 1.3 because I can see that on the Security tab of Edge Developer Tools (F12)

Thanks

Azure Databricks
Azure Databricks
An Apache Spark-based analytics platform optimized for Azure.
2,273 questions
{count} votes

1 answer

Sort by: Most helpful
  1. phemanth 12,560 Reputation points Microsoft Vendor
    2024-11-13T01:42:37.29+00:00

    @peteg

    Thanks for reaching out to Microsoft Q&A.

    To downgrade the TLS version from 1.3 to 1.2 in your Azure Databricks environment, you can modify the Spark configuration settings. Here’s how you can do it both temporarily (for testing) and permanently:

    Temporary Change (for Testing)

    Modify Spark Configuration in Notebook: You can set the TLS version directly in your notebook using the following code snippet:

    spark.conf.set("spark.ssl.protocol", "TLSv1.2")

    This change will only apply to the current session and will revert back to the default when the notebook is restarted.

    Permanent Change

    Cluster Configuration: To make a permanent change, you need to set the Spark configuration in the cluster settings:

    • Go to your Databricks workspace.
    • Navigate to Clusters and select your cluster.
    • Click on Configuration.
    • Under Advanced Options, find the Spark tab.
    • Add the following configuration: spark.ssl.protocol TLSv1.2
    • Save the changes and restart your cluster for the settings to take effect.

    Additional Notes

    • Testing: After making these changes, you can verify the TLS version by checking the logs or using a test API call to ensure that the connection is established using TLS 1.2.
    • Security Considerations: Keep in mind that downgrading TLS may expose your application to security vulnerabilities, so it’s advisable to revert back to TLS 1.3 once your testing is complete.

    Hope this helps. Do let us know if you any further queries.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.