Mule Salesforce Connector TLS 1.1 upgrade Issue

1
votes

I was working on one poc which will connect to salesforce account . The mule version is 6.3.2 and sales force version is 6.3.2. Till 2 [![enter image description here][1]][1]days back it was working fine.

I came to know that last weekend sales force as done TLS upgrade to 1.1 from 1.0. When i was testing my flow getting the below exception:

Root Exception stack trace: [UnexpectedErrorFault [ApiFault exceptionCode='UNSUPPORTED_CLIENT' exceptionMessage='TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.' ] ]

When i saw the mule documentation it says that sales force connector 7.1.2 as addressed this issue and I update my connector in studio and retried the scenario which is not working.

Can some one help me out on this.

Regards Vikram

5
salesforcemule
What version of Anypoint Studio and Mule Runtime are you using (you wrote "6.3.2" which is not a valid one)? Are you using API Gateay as well? If yes, what version?CountD
Recently I faced this issue. Refer this answer: stackoverflow.com/a/38107239/6521128Sagar Chaudhari

5 Answers

0
votes

I previously had to set the following property in the application settings:

https.protocols=TLSv1.1,TLSv1.2

And -Dhttps.protocols=TLSv1.1,TLSv1.2 in my wrapper.conf for Mule standalone.

0
votes

You can put your configuration in tls-default.conf in MULE_ESB/conf/ folder and then put the value inside like below:

enabledProtocols=TLSv1.1, TLSv1.2
enabledCipherSuites=TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, SSL_DH_anon_WITH_DES_CBC_SHA

Or if you want to test from your anypoint studio, just create the tls-default.conf and put under your resources folder

Another information I can add is try to input your url destination to https://www.ssllabs.com/ssltest/ to make sure the TLSv1.1 is enabled by your endpoint or the chiper suite enable too

0
votes

Similar is answered in https://forums.mulesoft.com/questions/41012/getting-error-when-hitting-a-rest-api-via-https.html#answer-43960

Below is the answer I posted.

I resolved it in my system.

When it is not working in the Runtime that is attached in the Anypoint studio then follow the below steps.

Navigate to the Anypoint studio installation directory

Search for "tls-default.conf" in the folder. This will show you all the files for all the Runtimes that you have installed.

there will be a property "enabledProtocols" make sure that it contains the TLSv1 in it as below

enabledProtocols=TLSv1,TLSv1.1,TLSv1.2

This above should apply to Cloud hub (Most of the times it is already enabled) or on-premise systems.

0
votes

Salesforce are now disabling TLS 1.0, forcing TLS 1.1 or higher. For Java versions >= 1.8 this is not a problem, but for earlier releases you will want to set the SSLContext. This solution worked for me:

if (Double.parseDouble(Runtime.class.getPackage().getSpecificationVersion()) <= 1.7) // Java versions > 1.7 are compatible with TLS 1.1 or higher by default - we want TLSv1.2 for our needs
    setSSLContext(SSLContext.getInstance(SSL_VERSION_TO_USE_FOR_SALESFORCE_LOGIN));

private static void setSSLContext(SSLContext context) {
    SSLContext.setDefault(context);
    try {
        /*  Either of the first two parameters may be null in which case the installed security providers will be searched for the highest priority implementation of the appropriate factory.
             Likewise, the secure random parameter may be null in which case the default implementation will be used. */
        context.init(null, null, null);
    } catch (KeyManagementException e) {
        // handle exception
    }
}
0
votes
  • Navigate to Setup
  • In the Quick Find bar, type in Critical Updates
  • Select Critical Updates
  • Locate the Require TLS 1.1 or higher for HTTPS connections​ under the Update Name column
  • Click on Deactivate.

enter image description here