HDFS-3873 fixed the case where all exceptions acquiring tokens for hftp were ignored. Jobs would be submitted sans tokens, and then the tasks would eventually all fail trying to get the missing token. HDFS-3873 made jobs fail to submit if the remote cluster is secure.
Unfortunately it regressed the ability for a secure cluster to access an insecure cluster over hftp. The issue is unique to 23 due to KSSL.