The TLS protocol provides communications security over the Internet.

The TLS protocol provides communications security over the Internet.The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. Now SFDC is going to upgrade the TLS 1.0 to 1.1.This may impact the existing custom integration.So need to apply patches to the SOA and JDeveloper.

Introduction

Currently the integration between Oracle E-biz to SFDC is working under TLS 1.0.Now the version is going to be upgraded to 1.1.

After upgradation of TLS 1.1 , the existing integration system will not work.It may shown a error as “This version is no longer supported” or “Unsupported Clients” in SFDC Adapter.

Following are the 4 phases to achieve the TLS 1.1 or higher Http security upgradation in SFDC and SOA.

Phase (1) SFDC Change/Configuration:

Login to the SFDC and do the following steps

1.1) Upgrade TLS 1.0 to 1.1 in SFDC:

Go to Critical Updates –> Click Activate next to “Require TLS 1.1 or higher…”

1.2) Generate WSDL file for SFDC

Go to the API under Develop –> get the enterprise WSDL.

Phase (2) Weblogic, SOA and Jdeveloper Patch Application to upgrade the Instance for HTTP TLS1.1 or Higher:

2.1) Upgrade the java from 1.6.0_45 to 1.7.0_45 in (Weblogic + SOA) Server.

2.2) Apply the patch(22612527) for Both SOA(Run time) in the Server and Jdeveloper(Design time) in Desktop Only. (Ref:Oracle Doc ID 2112308.1)

i) Apply the pre-requisite first, before applying the patch (22612527) refer README.txt.

ii) Note : This patch requires pre-requisite, Please check that also.Before applying Patch 22612527 , must correctly apply the prerequisite Patch 13866584 as per the readme. Be aware that patch 13866584 will not appear in the OPatch inventory since its installation is a copy/paste method.

iii) Apply the patch 11.1.1.7.0 version of 22612527 after step2.

iv) Correct the JAVA_HOME path in script file setDomainEnv.sh ,

v) Also,have to add JAVA_OPTIONS in setDomainEnv.sh

vi) Edit JAVA OPTIONS inside setDomainEnv.sh[cmd] under %domain_home_dir%/binfolder. Include the following java option:

{JAVA_OPTIONS} -Dhttps.protocols=TLSv1.0,TLSv1.1,TLSv1.2″

export JAVA_OPTIONS

vii) Restart the Weblogic& SOA server.

viii) Please make sure -Dhttps.protocols=”TLSv1.1,TLSv1.2″ shows up server.outfile after server startup

ix) As you can see, the list is comma delimited. If you want support forversion 1.0 through 1.2, you would set the property: -Dhttps.protocols=”TLSv1.0,TLSv1.1,TLSv1.2″

Phase (3) Server Changes/Configuration:

Login to the Console(http://url:port/console).Go to Server under Environment,choose the following server

3.1) Admin server:

Under SSL enable tick mark in USE JSSE SSL parameter

Hostname verification field is to be set to “None” on server side

3.2) SOA server:

Under SSL enable tick mark in USE JSSE SSL

Hostname verification field is set to “None” on server side.

Phase (4) Create a SOA composite and deploy:

4.1) Open JDeveloper , create a SOA Composite according to the business requirement.

4.2) Deploy it in the server.