topic Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7 in Talend Studio

Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Anonymous — Sat, 16 Nov 2024 10:35:05 GMT

Salesforce is disabling TLS 1.0 encryption.
Our organization has not certified Java 8 for our applications. How do we configure Talend 6.1.1 to use TLS1.2 with Java 7?
I have tried adding the following Job Run VM Arguments:
-Dhttps.protocols=TLSv1.2
I have also defined the following Deployment.properties:
deployment.security.TLSv1=false
deployment.security.TLSv1.1=false
deployment.security.TLSv1.2=true

Thoughts?
The general timeframes for disabling the use of TLS 1.0 to and from Salesforce are as follows:

New production orgs created with Summer '16 or later:

New production orgs created with Summer '16 or later will require TLS 1.1 or later in HTTPS connections to or from the org.
Sandbox orgs created from a production org will inherit the TLS requirements of your production org. As such, if a production org created with Summer '16 or later creates a sandbox org, those sandbox orgs will also require TLS 1.1 or later in HTTPS connections.
The "Require TLS 1.1 or higher for HTTPS connections" CRUC setting will not be available in both production orgs created with Summer '16 or later and sandbox orgs created from such production orgs.
Sandbox orgs

June 25, 2016, at 9:30 AM PDT (16:30 UTC)

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Anonymous — Mon, 13 Jun 2016 19:58:07 GMT

6.1.1 has this fixed out of the box. No JVM args needed. Are you seeing any errors?

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Vivi2 — Wed, 22 Jun 2016 09:27:15 GMT

Hello,
I have the same problem.
I use Talend 5.6.2 (with java 6) with which twebservice component works. As tls is desabled in salesforce,talend 5.6.2 doesn't work anymore.
Before I tried with Talend 6.1.0 but twebservice component didn't work. I had error :
Exception in component tWebService_1
java.lang.NullPointerException
at org.apache.cxf.common.util.Compiler.useJava6Compiler(Compiler.java:187)
at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:141)
at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:136)
at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.compileJavaSrc(DynamicClientFactory.java:611)
at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:370)
at org.talend.webservice.helper.ServiceInvokerHelper.createClient(ServiceInvokerHelper.java:144)
at org.talend.webservice.helper.ServiceInvokerHelper.getClient(ServiceInvokerHelper.java:135)
at org.talend.webservice.helper.ServiceInvokerHelper.invoke(ServiceInvokerHelper.java:236)
at test.Flux.tWebService_1Process(Flux.java:929)
at test.Flux.runJobInTOS(Flux23_premep.java:8647)
at test.Flux.main(Flux23_premep.java:8445)
: test.Flux- java.lang.NullPointerException
Did the problem twebservice fix on 6.1.1? or is there a way to use 5.6.2 with tls desactivated?
I've tried also by adding -Dhttps.protocols=TLSv1.1,TLSv1.2 in twebservice but I have error below:
22 juin 2016 11:10:59 org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
ATTENTION: Interceptor for {urn artner.soap.sforce.com}SforceService#{urn artner.soap.sforce.com}login has thrown exception, unwinding now
java.lang.IllegalArgumentException: IllegalArgumentException invoking : TLSv1.1
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1346)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1335)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:632)
11:10:59,647 ERROR Flux.java tLog4J_1Process 1286 - IllegalArgumentException invoking : TLSv1.1
disconnected
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:355)
at org.talend.webservice.helper.ServiceInvokerHelper.invoke(ServiceInvokerHelper.java:197)
at org.talend.webservice.helper.ServiceInvokerHelper.invoke(ServiceInvokerHelper.java:238)
at test.Flux.tWebService_1Process(Flux.java:1070)
at test.Flux.runJobInTOS(Flux.java:8776)
at test.Flux.main(Flux.java:8574)
Caused by: java.lang.IllegalArgumentException: TLSv1.1
at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133)
at com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setEnabledProtocols(SSLSocketImpl.java:2233)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1031)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:174)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1289)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1245)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:201)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1302)
... 14 more
Exception in component tWebService_1
java.lang.IllegalArgumentException: IllegalArgumentException invoking : TLSv1.1
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1346)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1335)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:632)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:355)
at org.talend.webservice.helper.ServiceInvokerHelper.invoke(ServiceInvokerHelper.java:197)
at org.talend.webservice.helper.ServiceInvokerHelper.invoke(ServiceInvokerHelper.java:238)
at test.Flux.tWebService_1Process(Flux.java:1070)
at test.Flux.runJobInTOS(Flux.java:8776)
at test.Flux.main(Flux.java:8574)
Caused by: java.lang.IllegalArgumentException: TLSv1.1
at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133)
at com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setEnabledProtocols(SSLSocketImpl.java:2233)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1031)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:174)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1289)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1245)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:201)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1302)
Any help please?

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Vivi2 — Wed, 22 Jun 2016 15:12:54 GMT

Hi,
With Talend 6.1.1, I have error in twebservice:
Exception in component tWebService_1
java.lang.NullPointerException
at org.apache.cxf.common.util.Compiler.useJava6Compiler(Compiler.java:187)
at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:141)
at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:136)
at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.compileJavaSrc(DynamicClientFactory.java:611)
at org.apache.cxf.endpoint.dynamic.DynamicClientFactory.createClient(DynamicClientFactory.java:370)
at org.talend.webservice.helper.ServiceInvokerHelper.createClient(ServiceInvokerHelper.java:144)
at org.talend.webservice.helper.ServiceInvokerHelper.getClient(ServiceInvokerHelper.java:135)
at org.talend.webservice.helper.ServiceInvokerHelper.invoke(ServiceInvokerHelper.java:236)
at test.flux.tWebService_1Process(Flux23_premep0.java:1084)
at test.flux.runJobInTOS(Flux23_premep0.java:8788)
at test.flux.main(Flux23_premep0.java:8586)

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Anonymous — Mon, 27 Jun 2016 18:14:12 GMT

6.1.1 has this fixed out of the box. No JVM args needed. Are you seeing any errors?

I am using 6.1.1 and still recieve the tls 1.1 or greater error.
Here is what I have tried:
In Javacpl - I have unchecked support for
-Dhttps.protocols=TLSv1.1,TLSv1.2

TOS_DI-win32-x86.ini to
-vmargs
-Xms256m
-Xmx768m
-XX:MaxPermSize=256m
-Dfile.encoding=UTF-8
-Dhttps.protocols=TLSv1.1,TLSv1.2
Talend version "6.1.1.20151214_1327"
java version "1.7.0_76"
Java(TM) SE Runtime Environment (build 1.7.0_76-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.76-b04, mixed mode)
Error Message
tSalesforceConnection_2
com.salesforce.soap.partner.UnexpectedErrorFault: UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at com.salesforce.soap.partner.SforceServiceStub.login(SforceServiceStub.java:17202)
at org.talend.salesforce.SforceBasicConnection.renewSession(SforceBasicConnection.java:77)
at org.talend.salesforce.SforceBasicConnection.init(SforceBasicConnection.java:71)
at org.talend.salesforce.SforceBasicConnection.<init>(SforceBasicConnection.java:49)
at org.talend.salesforce.SforceBasicConnection.<init>(SforceBasicConnection.java:25)
at org.talend.salesforce.SforceBasicConnection$Builder.build(SforceBasicConnection.java:125)
at production.test_0_1.TEST.tSalesforceConnection_2Process(TEST.java:604)
at production.test_0_1.TEST.tJava_1Process(TEST.java:521)
at production.test_0_1.TEST.runJobInTOS(TEST.java:4803)
at production.test_0_1.TEST.main(TEST.java:4653)
2016-06-27 10:34:30|MzmNRt|MzmNRt|MzmNRt|PRODUCTION|TEST|Default|6|Java Exception|tSalesforceConnection_2|com.salesforce.soap.partner.UnexpectedErrorFault:UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.|1
2016-06-27 10:34:30|MzmNRt|MzmNRt|MzmNRt|8692|PRODUCTION|TEST|_mvh9kCv_EeajroxFQLK33w|0.1|Default||end|failure|4723
disconnected

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Anonymous — Mon, 04 Jul 2016 14:40:51 GMT

Hello I also have the same error to access a Salesforce sandbox
Is there a way to specify the use of TLS 1.1 or greated in a Talend component ?
(My Talend version is 6.1.1)
"exception in component tSalesforceConnection_1
com.salesforce.soap.partner.UnexpectedErrorFault: UNSUPPORTED_CLIENT: Le protocole TLS 1.0 a été désactivé dans cette organisation. Utilisez le protocole TLS 1.1 ou supérieur lors de la connexion à Salesforce en utilisant le https."

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Anonymous — Tue, 05 Jul 2016 10:36:49 GMT

On my side, I resolved my problem. I installed jdk 1.8 and there is no more error about TLS 1.0

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Anonymous — Tue, 05 Jul 2016 20:59:41 GMT

We cannot update to Java 8 yet. Too many dependent applications for 1.7.
Log when -Djavax.net.debug=all added
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(60000) called
main, setSoTimeout(60000) called
%% No cached client session
*** ClientHello, TLSv1
*** ServerHello, TLSv1
%% Initialized:
** TLS_RSA_WITH_AES_128_CBC_SHA
main, READ: TLSv1 Handshake, length = 267
com.salesforce.soap.partner.UnexpectedErrorFault: UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.
2016-07-05 13:44:40|7sky71|7sky71|7sky71|PRODUCTION|TEST|Default|6|Java Exception|tSalesforceConnection_2|com.salesforce.soap.partner.UnexpectedErrorFault:UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.|1

Re: Salesforce disabling TLS 1.0 encryption - Need workaround for Java 7

Anonymous — Thu, 23 Feb 2017 13:12:26 GMT

Hi Talend Team,
We have Talend Version: 5.6.2 , Build id: V5.6.2_20150508_1414 installed at our organisation and have integration with Salesforce and other systems.
As TLS1.0 needs to be upgraded to the higher version of TLS before it stops working.
Could you please guide me necessary steps to be taken before hand ?
Please note the I can't migrate my existing jobs to any new version of Talend.
Thanks & Regards,
Yogesh