The TLS v1.0 encryption protocol will end across Boomi-managed SSL endpoints, including the platform, APIs, and web services. The more secure protocols TLS v1.1 and TLS v1.2 are to be used to make a secure connection.
On March 28, 2018, Dell Boomi disabled support for TLS v1.0 on the Dell Boomi EU and ANZ Atom Clouds and all Dell Boomi Hub (MDM) Clouds. On May 23, 2018, Dell Boomi additionally disabled support for TLS v1.0 on the Dell Boomi platform and the Dell Boomi US Atom Cloud.
Why are we doing this
The TLS v1.0 encryption algorithm does not satisfy the Payment Card Industry (PCI) data communication compliance standard. This mandate affects all service providers who process or transmit credit card data. For more information regarding PCI and TLS v1.0 click here
What are the plans and actions you must take going forward?
If you have clients connecting into Platform APIs, or Boomi Atom Clouds, please ensure that the client making these connections supports TLS v1.1 and higher.
If you are using on-premise Atoms or Molecules, ensure that you have taken the necessary steps listed below to ensure your on-premise Atoms and Molecules can communicate with the Boomi Platform.
a) If you are operating on Java 8, you do not have to take any action. Java 8 Atoms default to TLS v1.2 and step down until they find a connection protocol that is supported by both endpoints.
b) If you are operating on Java 7, please upgrade to Java 8.
c) If you cannot upgrade to Java 8, please review the following steps to configure TLSv1.2 on Java 7.
Java 7 supports TLSv1.1 and TLSv1.2, but they are not enabled by default. When there is no HTTPS protocol explicitly set, Java 7 uses the TLSv1.0 protocol. For Java 7 Atoms to use a protocol other than TLSv1.0, the Atom must have the HTTPS Protocols property value explicitly set. At connection time, the connection negotiates the actual protocol from newest version to oldest. The order in which protocols are specified in the property value string does not matter.
To enable TLSv1.1 and TLSv1.2 for a Java 7 Atom, go to the Atom Management page -> Properties panel -> Advanced tab and add the following property:
Property Name: HTTPS Protocols
Property Value: TLSv1.1,TLSv1.2
By specifying this property, your connections to the Boomi platform and web services will use TLSv1.2. Connections to other endpoints could still fall back to TLSv1.0 if a newer version of TLS is not supported.
You must restart the Atom after you set the HTTPS Protocols property.
What errors would I expect to see after March 28
“SSLHandshakeException: Received fatal alert: handshake_failure"
What if I’m hosting web services on my own Atom or Molecules
If you are hosting SSL endpoints via on-premise Atoms or Molecules, the TLS version required to connect into your endpoints will not be impacted by this change.
- Atom Management > Properties panel
- Atom communication security