Tuesday, June 28, 2016

SalesForce - TLS 1.0 has been disabled - Oracle SOA BPEL webservice

One fine day all of a sudden I started getting the following errors from all the web-services trying to connect to the SalesForce system.

Client received SOAP Fault from server : UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.

Ok, the SalesForce system was upgraded over the weekend. And one of the upgrades was to stop supporting TLS 1.0 and only support TLS 1.1 or higher version of SSL protocols.


Question:


How do we upgrade Oracle SOA web services to support TLS 1.1 or higher? 
Where does this  settings resides and how do we change it?

What a nightmare!

Luckily this is something that Java 7 supports, Phew! And it is just a matter of setting the system param

-Dhttps.protocols=TLSv1.1,TLSv1.2

or code as

System.setProperty("https.protocols", "TLSv1.1,TLSv1.2");

in your java program before calling the webservice.

How to change it in Oracle SOA?

  • Login to SOA server (windows/Unix)
  • Goto Domain home and then cd bin
  • vi setSOADomainEnv.sh
    • and past the following content at the end of the file
EXTRA_JAVA_PROPERTIES="${EXTRA_JAVA_PROPERTIES} -Dhttps.protocols=TLSv1.1,TLSv1.2"
export EXTRA_JAVA_PROPERTIES
  • Now bounce the SOA managed servers.
  • If you have a clustered server then remember to do it on all the nodes.
  • This solution works on Oracle SOA 12.1.3