TLS Version Compatibility Upgrade¶

Introduction¶

Harmony supports Transport Layer Security (TLS) 1.2 encryption, with limited backward compatibility with TLS 1.1 and TLS 1.0.

We recommend using TLS 1.2 with your endpoints where possible, as TLS 1.1 and TLS 1.0 are subject to security vulnerabilities and have been disabled in many systems.

In addition, using TLS 1.2 may be required in order to meet requirements for some endpoints. For example, starting in September 2019, Salesforce began disabling TLS 1.1 and requiring the TLS 1.2 version (see Salesforce Disabling TLS 1.1).

TLS Support in Jitterbit Applications¶

Harmony Cloud Agents and cloud-based Harmony applications accessed through the Harmony Portal already use TLS 1.2 automatically without user action. Cloud Agents 10.47 and higher no longer support TLS 1.0 and TLS 1.1 with JDBC driver connections to database endpoints in Cloud Studio (Database Connection) and Design Studio (Database Source and Database Target).

If you have an older version of a locally installed Jitterbit application, you may need to upgrade the version in order to use TLS 1.2. Later versions of some Jitterbit applications may no longer be backward compatible with TLS 1.1 or TLS 1.0, as noted below. To check the version you are currently using, see Finding My Jitterbit Version.

These are the minimum Jitterbit versions that support TLS 1.2 and instructions for upgrading:

• Jitterbit Cloud API Gateway The Jitterbit Cloud API Gateway supports and requires TLS 1.2. TLS 1.1 and TLS 1.0 are no longer supported. Though we do not recommend it, if you require TLS 1.1 a Jitterbit Private API Gateway can be configured and used with TLS 1.1.

• Harmony Private Agents
  Private Agent versions 8.4 and later support TLS 1.2. For upgrade instructions, see these pages:

  • Installing a Harmony Linux Agent
  • Installing a Harmony Windows Agent
  • Installing a Harmony Docker Agent

  Private Agent versions 10.47 and later no longer support TLS 1.0 and TLS 1.1 for JDBC driver connections to database endpoints by default. TLS 1.0 or 1.1 can be re-enabled (though not recommended) by removing TLSv1 or TLSv1.1 from the jdk.tls.disabledAlgorithms security property in the Private Agent java.security configuration file.

  The Private Agent java.security configuration file is located in these default directories:

  Windows

  C:\Program Files\Jitterbit Agent\jre\lib\security
  

  Linux

  /opt/jitterbit/jre/lib/security
  

• Harmony Design Studio
  Design Studio versions 8.4 and later support TLS 1.2. For upgrade instructions, see these pages:

  • Installing Jitterbit Design Studio on macOS
  • Installing Jitterbit Design Studio on Windows

• Harmony Data Loader
  Data Loader versions 8.16.13.1 and later support TLS 1.2. For upgrade instructions, see Upgrading Jitterbit Data Loader.

  Data Loader versions 10.47 and later no longer support TLS 1.0 and TLS 1.1 for JDBC driver connections to database endpoints by default. TLS 1.0 or 1.1 can be re-enabled (though not recommended) by removing TLSv1 or TLSv1.1 from the jdk.tls.disabledAlgorithms security property in the Data Loader java.security configuration file, which can be found at this default location:

  C:\Program Files (x86)\Jitterbit Cloud Data Loader\jre\lib\security
  

• Jitterbit Private API Gateway
  Jitterbit Private API Gateway versions 8.14 and later support TLS 1.2. TLS 1.0 is no longer supported as of Private API Gateway version 10.3. For upgrade instructions, see Installing a Private API Gateway.

• Jitterbit Version 5
  Legacy versions 5.5.2 and later support TLS 1.2. For upgrade instructions, see Downloading and Installing Jitterbit Linux Server v5.x.