Security protocol support in Jitterbit App Builder
App Builder is a .Net application. In .Net, the supported SSL and TLS security protocols are global settings. They must be set at startup, before making any HTTP connections. The default security protocols supported vary by App Builder version.
Version | SSL 3.0 | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 |
---|---|---|---|---|---|
1.0 | Yes | Yes | No | No | No |
1.1 to 1.5 | No | No | Yes | Yes | No |
1.6 and up | No | Yes | Yes | Yes | No |
4.0 and up | No | No | No | Yes | Yes |
Developers can override the default security providers. To do so, edit the AppSettings.config
file:
Vinyl\Config\AppSettings.config
Add a SecurityProtocols
key with a comma delimited list of values. The values must correspond to member names of the SecurityProtocolType enumeration. For example:
<?xml version="1.0" encoding="utf-8" ?>
<appSettings>
<add key="SecurityProtocols" value="Ssl3, Tls, Tls11, Tls12" />
</appSettings>
For more on customizing the AppSettings.config file, see Custom .NET configuration.
Warning
Some security protocols are inherently insecure and should be avoided. In particular, SSL 3.0 is vulnerable to the POODLE attack.