One Star

Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Salesforce is disabling TLS 1.0 encryption.
Our organization has not certified Java 8 for our applications. How do we configure Talend 6.1.1 to use TLS1.2 with Java 7?
      I have tried adding the following Job Run VM Arguments:
        -Dhttps.protocols=TLSv1.2

      I have also defined the following Deployment.properties:
        deployment.security.TLSv1=false
        deployment.security.TLSv1.1=false
        deployment.security.TLSv1.2=true


Thoughts?
The general timeframes for disabling the use of TLS 1.0 to and from Salesforce are as follows:
     
New production orgs created with Summer '16 or later:

New production orgs created with Summer '16 or later will require TLS 1.1 or later in HTTPS connections to or from the org.
Sandbox orgs created from a production org will inherit the TLS requirements of your production org. As such, if a production org created with Summer '16 or later creates a sandbox org, those sandbox orgs will also require TLS 1.1 or later in HTTPS connections.
The "Require TLS 1.1 or higher for HTTPS connections" CRUC setting will not be available in both production orgs created with Summer '16 or later and sandbox orgs created from such production orgs. 
Sandbox orgs

June 25, 2016, at 9:30 AM PDT (16:30 UTC)
8 REPLIES
Employee

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

6.1.1 has this fixed out of the box. No JVM args needed. Are you seeing any errors?
Thomas Steinborn
VP Product Management
Four Stars

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Hello, 
I have the same problem. 
I use Talend 5.6.2 (with java 6) with which twebservice component works. As tls is desabled in salesforce,talend 5.6.2 doesn't work anymore. 
Before I tried with Talend 6.1.0 but twebservice component didn't work. I had error :
Exception in component tWebService_1
java.lang.NullPointerException
at org.apache.cxf.common.util.Compiler.useJava6Compiler(Compiler.java:187)
at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:141)
at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:136)
at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.compileJavaSrc(DynamicClientFactory.java:611)
at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:370)
at org.talend.webservice.helper.ServiceInvokerHelper.createClient(ServiceInvokerHelper.java:144)
at org.talend.webservice.helper.ServiceInvokerHelper.getClient(ServiceInvokerHelper.java:135)
at org.talend.webservice.helper.ServiceInvokerHelper.invoke(ServiceInvokerHelper.java:236)
at test.Flux.tWebService_1Process(Flux.java:929)
at test.Flux.runJobInTOS(Flux23_premep.java:8647)
at test.Flux.main(Flux23_premep.java:8445)
: test.Flux- java.lang.NullPointerException
Did the problem twebservice fix on 6.1.1? or is there a way to use 5.6.2 with tls desactivated? 
I've tried also by adding -Dhttps.protocols=TLSv1.1,TLSv1.2 in twebservice but I have error below: 
22 juin 2016 11:10:59 org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
ATTENTION: Interceptor for {urnSmiley Tongueartner.soap.sforce.com}SforceService#{urnSmiley Tongueartner.soap.sforce.com}login has thrown exception, unwinding now
java.lang.IllegalArgumentException: IllegalArgumentException invoking : TLSv1.1
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1346)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1335)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:632)
11:10:59,647 ERROR Flux.java tLog4J_1Process 1286 - IllegalArgumentException invoking : TLSv1.1
disconnected
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:355)
at org.talend.webservice.helper.ServiceInvokerHelper.invoke(ServiceInvokerHelper.java:197)
at org.talend.webservice.helper.ServiceInvokerHelper.invoke(ServiceInvokerHelper.java:238)
at test.Flux.tWebService_1Process(Flux.java:1070)
at test.Flux.runJobInTOS(Flux.java:8776)
at test.Flux.main(Flux.java:8574)
Caused by: java.lang.IllegalArgumentException: TLSv1.1
at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133)
at com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setEnabledProtocols(SSLSocketImpl.java:2233)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1031)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:174)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1289)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1245)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:201)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1302)
... 14 more
Exception in component tWebService_1
java.lang.IllegalArgumentException: IllegalArgumentException invoking : TLSv1.1
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1346)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1335)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:632)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:355)
at org.talend.webservice.helper.ServiceInvokerHelper.invoke(ServiceInvokerHelper.java:197)
at org.talend.webservice.helper.ServiceInvokerHelper.invoke(ServiceInvokerHelper.java:238)
at test.Flux.tWebService_1Process(Flux.java:1070)
at test.Flux.runJobInTOS(Flux.java:8776)
at test.Flux.main(Flux.java:8574)
Caused by: java.lang.IllegalArgumentException: TLSv1.1
at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133)
at com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setEnabledProtocols(SSLSocketImpl.java:2233)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1031)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:174)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1289)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1245)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:201)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1302)
Any help please?
Four Stars

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Hi, 
With Talend 6.1.1, I have error in twebservice:
Exception in component tWebService_1
java.lang.NullPointerException
    at org.apache.cxf.common.util.Compiler.useJava6Compiler(Compiler.java:187)
    at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:141)
    at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:136)
    at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.compileJavaSrc(DynamicClientFactory.java:611)
    at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:370)
    at org.talend.webservice.helper.ServiceInvokerHelper.createClient(ServiceInvokerHelper.java:144)
    at org.talend.webservice.helper.ServiceInvokerHelper.getClient(ServiceInvokerHelper.java:135)
    at org.talend.webservice.helper.ServiceInvokerHelper.invoke(ServiceInvokerHelper.java:236)
    at test.flux.tWebService_1Process(Flux23_premep0.java:1084)
    at test.flux.runJobInTOS(Flux23_premep0.java:8788)
    at test.flux.main(Flux23_premep0.java:8586)
One Star

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

6.1.1 has this fixed out of the box. No JVM args needed. Are you seeing any errors?

I am using 6.1.1 and still recieve the tls 1.1 or greater error. 
Here is what I have tried:
In Javacpl - I have unchecked support for 
-Dhttps.protocols=TLSv1.1,TLSv1.2

TOS_DI-win32-x86.ini to 
-vmargs
-Xms256m 
-Xmx768m 
-XX:MaxPermSize=256m
-Dfile.encoding=UTF-8
-Dhttps.protocols=TLSv1.1,TLSv1.2
Talend version "6.1.1.20151214_1327"
java version "1.7.0_76"
Java(TM) SE Runtime Environment (build 1.7.0_76-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.76-b04, mixed mode)
Error Message
tSalesforceConnection_2
com.salesforce.soap.partner.UnexpectedErrorFault: UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.salesforce.soap.partner.SforceServiceStub.login(SforceServiceStub.java:17202)
at org.talend.salesforce.SforceBasicConnection.renewSession(SforceBasicConnection.java:77)
at org.talend.salesforce.SforceBasicConnection.init(SforceBasicConnection.java:71)
at org.talend.salesforce.SforceBasicConnection.<init>(SforceBasicConnection.java:49)
at org.talend.salesforce.SforceBasicConnection.<init>(SforceBasicConnection.java:25)
at org.talend.salesforce.SforceBasicConnection$Builder.build(SforceBasicConnection.java:125)
at production.test_0_1.TEST.tSalesforceConnection_2Process(TEST.java:604)
at production.test_0_1.TEST.tJava_1Process(TEST.java:521)
at production.test_0_1.TEST.runJobInTOS(TEST.java:4803)
at production.test_0_1.TEST.main(TEST.java:4653)
2016-06-27 10:34:30|MzmNRt|MzmNRt|MzmNRt|PRODUCTION|TEST|Default|6|Java Exception|tSalesforceConnection_2|com.salesforce.soap.partner.UnexpectedErrorFault:UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.|1
2016-06-27 10:34:30|MzmNRt|MzmNRt|MzmNRt|8692|PRODUCTION|TEST|_mvh9kCv_EeajroxFQLK33w|0.1|Default||end|failure|4723
disconnected
Five Stars

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Hello   I also have the same error to access a Salesforce sandbox
Is there a way to specify the use of TLS 1.1 or greated in a Talend component ?
(My Talend version is 6.1.1)
"exception in component tSalesforceConnection_1
com.salesforce.soap.partner.UnexpectedErrorFault: UNSUPPORTED_CLIENT: Le protocole TLS 1.0 a été désactivé dans cette organisation. Utilisez le protocole TLS 1.1 ou supérieur lors de la connexion à Salesforce en utilisant le https."
Five Stars

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

On my side, I resolved my problem. I installed jdk 1.8 and there is no more error about TLS 1.0
One Star

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

We cannot update to Java 8 yet. Too many dependent applications for 1.7.
Log when -Djavax.net.debug=all added
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(60000) called
main, setSoTimeout(60000) called
%% No cached client session
*** ClientHello, TLSv1
*** ServerHello, TLSv1
%% Initialized:  
** TLS_RSA_WITH_AES_128_CBC_SHA
main, READ: TLSv1 Handshake, length = 267
com.salesforce.soap.partner.UnexpectedErrorFault: UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.
2016-07-05 13:44:40|7sky71|7sky71|7sky71|PRODUCTION|TEST|Default|6|Java Exception|tSalesforceConnection_2|com.salesforce.soap.partner.UnexpectedErrorFault:UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.|1

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Hi Talend Team,
We have Talend Version: 5.6.2 , Build id: V5.6.2_20150508_1414 installed at our organisation and have integration with Salesforce and other systems.
As TLS1.0 needs to be upgraded to the higher version of TLS before it stops working.
Could you please guide me necessary steps to be taken before hand ?
Please note the I can't migrate my existing jobs to any new version of Talend.
Thanks & Regards,
Yogesh