TLS version compatibility upgrade¶
Introduction¶
Harmony supports Transport Layer Security (TLS) 1.2 encryption, with limited backward compatibility with TLS 1.1 and TLS 1.0.
We recommend using TLS 1.2 with your endpoints where possible, as TLS 1.1 and TLS 1.0 are subject to security vulnerabilities and have been disabled in many systems.
In addition, using TLS 1.2 may be required in order to meet requirements for some endpoints. For example, starting in September 2019, Salesforce began disabling TLS 1.1 and requiring the TLS 1.2 version (see Salesforce Disabling TLS 1.1).
Tip
For additional details on how Jitterbit manages information security, see the Jitterbit security and architecture white paper.
TLS support in Jitterbit applications¶
Jitterbit cloud agents and web-based applications accessed through the Harmony portal already use TLS 1.2 automatically without user action. Cloud agents 10.47 and higher no longer support TLS 1.0 and TLS 1.1 with JDBC driver connections to database endpoints in Integration Studio (Database connection) and Design Studio (Database source and Database target).
If you have an older version of a locally installed Jitterbit application, you may need to upgrade the version in order to use TLS 1.2. Later versions of some Jitterbit applications may no longer be backward compatible with TLS 1.1 or TLS 1.0, as noted below. To check the version you are currently using, see Finding my Jitterbit version.
These are the minimum Jitterbit versions that support TLS 1.2 and instructions for upgrading:
-
Jitterbit cloud API gateway The Jitterbit cloud API gateway supports and requires TLS 1.2. TLS 1.1 and TLS 1.0 are no longer supported. Though we do not recommend it, if you require TLS 1.1 a Jitterbit private API gateway can be configured and used with TLS 1.1.
-
Jitterbit private agents
Private agent versions 8.4 and later support TLS 1.2. For upgrade instructions, see these pages:Private agent versions 10.47 and later no longer support TLS 1.0 and TLS 1.1 for JDBC driver connections to database endpoints by default. TLS 1.0 or 1.1 can be re-enabled (though not recommended) by removing
TLSv1
orTLSv1.1
from thejdk.tls.disabledAlgorithms
security property in the private agentjava.security
configuration file.The private agent
java.security
configuration file is located in these default directories:WindowsC:\Program Files\Jitterbit Agent\jre\lib\security
Linux/opt/jitterbit/jre/lib/security
-
Jitterbit Design Studio
Design Studio versions 8.4 and later support TLS 1.2. For upgrade instructions, see these pages: -
Jitterbit Data Loader
Data Loader versions 8.16.13.1 and later support TLS 1.2. For upgrade instructions, see Upgrade Jitterbit Data Loader.Data Loader versions 10.47 and later no longer support TLS 1.0 and TLS 1.1 for JDBC driver connections to database endpoints by default. TLS 1.0 or 1.1 can be re-enabled (though not recommended) by removing
TLSv1
orTLSv1.1
from thejdk.tls.disabledAlgorithms
security property in the Data Loaderjava.security
configuration file, which can be found at this default location:C:\Program Files (x86)\Jitterbit Cloud Data Loader\jre\lib\security
-
Jitterbit private API gateway
Jitterbit private API gateway versions 8.14 and later support TLS 1.2. TLS 1.0 is no longer supported as of private API gateway version 10.3. For upgrade instructions, see Install a private API gateway. -
Jitterbit version 5
Legacy versions 5.5.2 and later support TLS 1.2.