Re: [PR] [SPARK-45431][DOCS] Document new SSL RPC feature [spark]

["mridulm (via GitHub)" <gi...@apache.org>]

mridulm commented on code in PR #43240:
URL: https://github.com/apache/spark/pull/43240#discussion_r1384439623


##########
docs/security.md:
##########
@@ -563,7 +604,52 @@ replaced with one of the above namespaces.
   <tr>
     <td><code>${ns}.trustStoreType</code></td>
     <td>JKS</td>
-    <td>The type of the trust store.</td>
+    <td>The type of the trust store. This setting is not applicable to the `rpc` namespace.</td>
+  </tr>
+  <tr>
+    <td><code>${ns}.openSSLEnabled</code></td>
+    <td>false</td>
+    <td>
+      Whether to use OpenSSL for cryptographic operations instead of the JDK SSL provider.
+      This setting is only applicable to the `rpc` namespace, and also requires the `certChain`
+      and `privateKey` settings to be set.

Review Comment:
   I am referring to (3).
   If openssl is requested but is not available at runtime, we will try to fallback to jks.
   The openssl config for `privateKey`/`certChain` need not be compatible with the `certChain`/`privateKey` for jks - for example, openssl for rpc vs jks for ui.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@spark.apache.org
For additional commands, e-mail: reviews-help@spark.apache.org