The TLSv1.0 encryption protocol will be disabled across Boomi-managed SSL endpoints, including the platform and web services, on March 28, 2018. After TLSv1.0 is disabled, a more secure protocol (TLSv1.1 or TLSv1.2) will be required to make a connection to the Boomi platform and web services. The security community has deemed the TLSv1.0 protocol to be unsafe. Furthermore, usage of TLSv1.0 in SSL communication does not satisfy financial customer requirements for compliance with the Payment Card Industry (PCI) data communication standard. Therefore, Dell Boomi plans to disallow the use of TLSv1.0 in communication with all Boomi-managed SSL endpoints.
What are the plans and actions you must take going forward?
For Java 7 Atoms
Java 7 supports TLSv1.1 and TLSv1.2, but they are not enabled by default. When no HTTPS protocol is explicitly set, Java 7 uses the TLSv1.0 protocol. For Java 7 Atoms to use a protocol other than TLSv1.0, the Atom must have the HTTPS Protocols property value explicitly set. At connection time, the connection negotiates the actual protocol from newest version to oldest. The order in which protocols are specified in the property value string does not matter.
To enable TLSv1.1 and TLSv1.2 for a Java 7 Atom, go to the Atom Management page -> Properties panel -> Advanced tab and add the following property:
Property Name: HTTPS Protocols
Property Value: TLSv1.1,TLSv1.2
By specifying this property, your connections to the Boomi platform and web services will use TLSv1.2. Connections to other endpoints could still fall back to TLSv1.0 if a newer version of TLS is not supported.
You must restart the Atom after you set the HTTPS Protocols property.
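To see what a given Java runtime will offer with and without an explicit protocol list, the following added example (not Boomi code) compares the JVM's default client protocols against the versions that remain accepted. It assumes the HTTPS Protocols property corresponds to the standard https.protocols Java system property; the class and method names are illustrative.

```java
import javax.net.ssl.SSLContext;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Added example: class and method names are illustrative, not part of any Boomi API.
public class TlsProtocolCheck {
    // Versions still accepted once TLSv1.0 is disabled on the remote endpoints.
    static final List<String> ACCEPTED = Arrays.asList("TLSv1.1", "TLSv1.2");

    // Protocols the client offers: the explicit list if one is set, otherwise the JVM defaults.
    static List<String> offered(String explicit, String[] jvmDefaults) {
        if (explicit == null || explicit.trim().isEmpty()) {
            return Arrays.asList(jvmDefaults);
        }
        List<String> names = new ArrayList<String>();
        for (String p : explicit.split(",")) {
            if (!p.trim().isEmpty()) names.add(p.trim());
        }
        return names;
    }

    // Names the JVM cannot enable; SSLSocket.setEnabledProtocols rejects these.
    static List<String> unsupported(List<String> offered, String[] jvmSupported) {
        List<String> bad = new ArrayList<String>(offered);
        bad.removeAll(Arrays.asList(jvmSupported));
        return bad;
    }

    // True if at least one offered protocol is still accepted by the endpoint.
    static boolean offersAccepted(List<String> offered) {
        return !Collections.disjoint(offered, ACCEPTED);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String[] defaults = ctx.getDefaultSSLParameters().getProtocols();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        // Assumption: the HTTPS Protocols property maps to this system property.
        List<String> offer = offered(System.getProperty("https.protocols"), defaults);
        System.out.println("JVM supported : " + Arrays.toString(supported));
        System.out.println("JVM defaults  : " + Arrays.toString(defaults));
        System.out.println("Client offers : " + offer);
        System.out.println("Unsupported   : " + unsupported(offer, supported));
        System.out.println("Offers TLSv1.1 or later: " + offersAccepted(offer));
    }
}
```

Run it on the Atom's Java runtime once as-is and once with -Dhttps.protocols=TLSv1.1,TLSv1.2 to compare the two results.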
Web services hosted on your on-premises Molecule/Atom will not be impacted. However, if you would like to restrict TLS traffic to specific versions for the web services hosted on your on-premises Molecule, you can change the shared web server SSL container property independently of the HTTPS Protocols property.
For Java 8 Atoms
No action is required. Java 8 Atoms default to TLSv1.2 and step down until they find a connection protocol that is supported by both endpoints.