apache · HTHou · Jun 5, 2026 · Jun 8, 2026 · Jun 8, 2026 · Jun 11, 2026
diff --git a/external-service-impl/rest/pom.xml b/external-service-impl/rest/pom.xml
@@ -38,13 +38,6 @@
             <groupId>org.glassfish.jersey.inject</groupId>
             <artifactId>jersey-hk2</artifactId>
             <scope>runtime</scope>
-            <exclusions>
-                <!-- repeated in node commons -->
-                <exclusion>
-                    <groupId>jakarta.annotation</groupId>
-                    <artifactId>jakarta.annotation-api</artifactId>
-                </exclusion>
-            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.iotdb</groupId>
@@ -87,11 +80,6 @@
                     <groupId>jakarta.validation</groupId>
                     <artifactId>jakarta.validation-api</artifactId>
                 </exclusion>
-                <!-- repeated in node commons -->
-                <exclusion>
-                    <groupId>jakarta.annotation</groupId>
-                    <artifactId>jakarta.annotation-api</artifactId>
-                </exclusion>
             </exclusions>
         </dependency>
         <dependency>

diff --git a/external-service-impl/rest/src/main/java/org/apache/iotdb/rest/RestService.java b/external-service-impl/rest/src/main/java/org/apache/iotdb/rest/RestService.java
@@ -21,6 +21,7 @@
 import org.apache.iotdb.externalservice.api.IExternalService;
 import org.apache.iotdb.rest.i18n.RestMessages;
 import org.apache.iotdb.rest.protocol.filter.ApiOriginFilter;
+import org.apache.iotdb.rpc.RpcSslUtils;
 
 import org.eclipse.jetty.ee10.servlet.ServletContextHandler;
 import org.eclipse.jetty.ee10.servlet.ServletHolder;
@@ -46,12 +47,13 @@

  private static Server server;

  private void startSSL(
      int port,
      String keyStorePath,
       String trustStorePath,
       String keyStorePwd,
       String trustStorePwd,
+      String sslProtocol,
       int idleTime,
       boolean clientAuth) {
     server = new Server();
@@ -61,6 +63,7 @@
     httpsConfig.addCustomizer(new SecureRequestCustomizer());
 
     SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
+    configureSSL(sslContextFactory, sslProtocol);
     sslContextFactory.setKeyStorePath(keyStorePath);
     sslContextFactory.setKeyStorePassword(keyStorePwd);
     if (clientAuth) {
@@ -125,6 +128,7 @@
           config.getTrustStorePath(),
           config.getKeyStorePwd(),
           config.getTrustStorePwd(),
+          config.getSslProtocol(),
           config.getIdleTimeoutInSeconds(),
           config.isClientAuth());
     } else {
@@ -142,4 +146,9 @@
       server.destroy();
     }
   }
+
+  private void configureSSL(SslContextFactory.Server sslContextFactory, String sslProtocol) {
+    String protocol = RpcSslUtils.normalizeProtocol(sslProtocol);
+    sslContextFactory.setProtocol(protocol);
+  }
 }
diff --git a/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppBaseConfig.java b/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppBaseConfig.java
@@ -120,6 +120,10 @@ protected final void setProperty(@NotNull String key, String value) {
     }
   }
 
+  public final String getProperty(@NotNull String key, String defaultValue) {
+    return properties.getProperty(key, defaultValue);
+  }
+
   /** Create an instance but with empty properties. */
   public abstract MppBaseConfig emptyClone();
 }
diff --git a/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppCommonConfig.java b/integration-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppCommonConfig.java
@@ -635,6 +635,12 @@ public CommonConfig setEnforceStrongPassword(boolean enforceStrongPassword) {
     return this;
   }
 
+  @Override
+  public CommonConfig setEnableThriftClientSSL(boolean enableThriftClientSSL) {
+    setProperty("enable_thrift_ssl", String.valueOf(enableThriftClientSSL));
+    return this;
+  }
+
   @Override
   public CommonConfig setEnableInternalSSL(boolean enableInternalSSL) {
     setProperty("enable_internal_ssl", String.valueOf(enableInternalSSL));
@@ -665,6 +671,12 @@ public CommonConfig setTrustStorePwd(String trustStorePwd) {
     return this;
   }
 
+  @Override
+  public CommonConfig setSslProtocol(String sslProtocol) {
+    setProperty("ssl_protocol", sslProtocol);
+    return this;
+  }
+
   @Override
   public CommonConfig setDatanodeMemoryProportion(String datanodeMemoryProportion) {
     setProperty("datanode_memory_proportion", datanodeMemoryProportion);

diff --git a/...tion-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppSharedCommonConfig.java b/...tion-test/src/main/java/org/apache/iotdb/it/env/cluster/config/MppSharedCommonConfig.java
@@ -659,6 +659,13 @@ public CommonConfig setEnforceStrongPassword(boolean enforceStrongPassword) {
     return this;
   }
 
+  @Override
+  public CommonConfig setEnableThriftClientSSL(boolean enableThriftClientSSL) {
+    cnConfig.setEnableThriftClientSSL(enableThriftClientSSL);
+    dnConfig.setEnableThriftClientSSL(enableThriftClientSSL);
+    return this;
+  }
+
   @Override
   public CommonConfig setEnableInternalSSL(boolean enableInternalSSL) {
     cnConfig.setEnableInternalSSL(enableInternalSSL);
@@ -694,6 +701,13 @@ public CommonConfig setTrustStorePwd(String trustStorePwd) {
     return this;
   }
 
+  @Override
+  public CommonConfig setSslProtocol(String sslProtocol) {
+    cnConfig.setSslProtocol(sslProtocol);
+    dnConfig.setSslProtocol(sslProtocol);
+    return this;
+  }
+
   @Override
   public CommonConfig setDatanodeMemoryProportion(String datanodeMemoryProportion) {
     dnConfig.setDatanodeMemoryProportion(datanodeMemoryProportion);