+ Start a Discussion
Bhushan burujwaleBhushan burujwale 

Login over insecure channel

We have an integration with SOAP API and are using partner.wsdl.
As salesforce is supporting TLS version 1.1 and higher we have made the required code changes 
which is setting the TLS version as "TLSv1.2".
We have observed in the login history that some time it uses TLS version 1.0 and status is 
"Failed: Login over insecure channel".

Example Login History:
bhus.NTYTU@36demo.com    2/17/2017 16:07    115.248.170.162    Other Apex API    Failed: Login over insecure channel    Axis 1.4    Unknown    N/A    N/A    SOAP Partner    33    login.salesforce.com    TLS 1.0    AES128-SHA    IN    India        424001    20.9    74.7833

We have set a JVM parameter as Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 and using axis 1.4 as 3rd party, what could be the reason that it is selecting TLS version 1.0.
Ashish DevAshish Dev
What is the JDK version are you using?
You may try https.protocols=TLSv1.1,TLSv1.2
Bhushan burujwaleBhushan burujwale
JDK version - 1.7 
We cannot remove "TLSV1" as it's required by other application on JBoss. 

We have below code that actually sets SSLContext to TLSv1.2 but why does it use TLSV1

try{
SSLContext  context = SSLContext.getInstance("TLSv1.2");
            context.init(null, // KeyManager not interesting here
                    new TrustManager[] { new AllowAllTrustManager()},
                    new java.security.SecureRandom());
            SSLContext.setDefault(context);
        }catch (Exception e) {
            if(log.isErrorEnabled()){
                log.error("Error occured while setting SSL Protocol " ,e);
            }
            throw new ConnectorException(e);
        }

Regards,
Imran
Ashish DevAshish Dev
By any chance can you update jdk to 8, most probably this error will not occure in jdk8.
Bhushan burujwaleBhushan burujwale
No, we cannot upgrade to jdk 8. Is there any way to set TLS v1.2 on axis 1.4.
 
Bhushan burujwaleBhushan burujwale
We were with idea that some other application is setting TLSv1 in the web container after we set  SSLContext.getInstance("TLSv1.2").
Hence it updates the TLSv2 with TLSv1.
So we tried by setting the SSLContext in the (Apache TOMCAT) container to TLSv1, but still, the context was set to TLSv1.2 and
the login History of salesforce was displaying TLSv1.2.

The jdk used in 1.7 and we cannot upgrade to jdk 1.8.
Please check the code snippet:

try{
SSLContext  context = SSLContext.getInstance("TLSv1.2");
            context.init(null, // KeyManager not interesting here
                    new TrustManager[] { new AllowAllTrustManager()},
                    new java.security.SecureRandom());
            SSLContext.setDefault(context);
        }catch (Exception e) {
            if(log.isErrorEnabled()){
                log.error("Error occured while setting SSL Protocol " ,e);
            }
            throw new ConnectorException(e);
        }

Regards,
Imran