This is a public Forum  publicRSS

Topic

    Ruhul Amin
    TLS 1.0 Deprecation for Soap API Calls
    Topic posted October 5, 2016 by Ruhul AminExplorer 
    727 Views, 27 Comments
    Title:
    TLS 1.0 Deprecation for Soap API Calls
    Content:

    Hi Everyone,
                       According to the Oracle recommendation, we canned our production environment with TLS 1.0 Log Scanner found that it use TLS 1.0 for Soap API Calls.

    I was looking for the solution how to change the TLS version in Soap API call.

    I have searched a lot for that  but unfortunately could not find any solution for that.

    Any idea or Tutorial will be appreciated.

    Thanks.

    Ruhul  

    Version:
    TLS 1.0, Soap API call, Log Scanner

    Answer

    • Jobins Kuriakose

      @Rahul, I have updated to Java 1.8 and that solved my issue.

      If you don't want to upgrade to 1.8 then I think you have to write custom SocketFactory. Please go through this.

      http://stackoverflow.com/questions/34180289/how-to-enforce-an-axis-client-to-use-tlsv1-2-protocol

       

    • Anu Chandran

      Hi All,

      We got a test site with TLS 1.0 disabled and we are testing a .NET script and tried to add the new WSDL (of the new test site) as service reference but we are getting this error 'Could not create SSL/TLS secure channel'.Tried with ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

      Script was tested in .NET framework 4.6.2 but still this issue persist.Any help is appreciated.

      Thanks

      Anu Chandran

    • Scott Harwell

      In your code, are you explicitly setting the SSL version?  That will still force use of earlier versions...

      ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
      

      You may have also defined the version in your app.config file.

    • Anu Chandran

      Hi Scott,

      Thanks for the quick response.

      I am not specifying the SSL version anywhere in the code.

      I tried removing this code

      ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
      

      But still I get an error when trying to add the new wsdl of the site in which TLS1.0 is disabled as service reference.

      Thanks

      Anu Chandran

    • Scott Harwell

      If you had that security protocol line in your code, and you removed it, then you were explicitly setting the version of SSL to use.

      Try changing to 1.2 forcefully:

      ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
      
    • Ruhul Amin

      Hi,

        Our current installation of Oracle service cloud is February 2015. Our Service cloud upgrade plan is in Next February 2017.

        We are planning to upgrade the .Net version to 4.6 now and re-compile the .Net Addins source with framework 4.6.2

        My Question , is our current version support .Net Framework 4.6.2

      Thanks and regards.

      --Ruhul

    • Ashima Katyal

      Hi Guys,

      All our .NET applications
      (Windows and Web) are on version 4.5 and running on our local production servers. DO we need to rebuild each application ?

      Thanks

    • Naman Sanghvi

      Hey All,

      Can you suggest what minimum version of .Net required for SOAP application to fix this TLS ? I am confused if it should be 4.5 or 4.6.2?

      does anyone have a link or documentation to refer to regarding the .net framework required ?

      Many thanks.

    • Scott Harwell

      TLS 1.2 is supported at a minimum version of .NET 4.5.  You can use that version, or a higher version, to get TLS 1.2 support.

      Once you have the right version of .NET, you need to ensure your code uses TLS 1.1 or 1.2.  If you upgrade .NET, and your application still attempts to auto-handshake with TLS 1.0, then you will need to update your code to force a more secure version (just use 1.2 in this case), as mentioned in the earlier posts.

    • Cole Spolaric

      Hi Naman

      4.6.2 will default to TLS 1.2.  4.5 requires that you add a line of code to use TLS 1.2, otherwise it defaults to TLS 1.1.

      So, you are better off using 4.6.2 as long as it doesn't cause any issues within your code. (Such as something being deprecated)

       

    • Naman Sanghvi

      Thanks Scott and Cole.. Your answers are helpful.

    • Adam Cook

      Hi All,

      We got a test site with TLS 1.0 disabled ...

      Thanks

      Anu Chandran

      Hi Anu,

      How did you get a test site with TLS 1.0 disabled. That would be very useful, I cannot see an option for that.

       

      Thanks

       

      Adam