Salesforce disabling TLS 1.0 - ruby-on-rails

I am working on a Salesforce application which is hitting an API built using Ruby on Rails. Initially this application was working fine until I faced errors while deploying the application using Jenkins. I checked the logs and it mentions "Stronger security is required, To access this website, update your web browser or upgrade your operating system to support TLS 1.1 or TLS 1.2. Salesforce disabling TLS 1.0".
What can I alter within my RoR application to resolve this error? I have already tried adding the openssl gem to my Gemfile, but the issue still persists. Here is the error log:
<table width="100%" height="100%" border="0">
<tr><td width="100%" height="100%"><div class="content"><h1>Stronger security is required</h1><div class="simple"><p>To access this website, update your web browser or upgrade your operating system to support TLS 1.1 or TLS 1.2.</p><p>For more information, see Salesforce disabling TLS 1.0.
</p></div></div></td></tr>
</table>

Please see if this works for you.
Find the OpenSSL version. You can use the command "openssl version" on the command line. Ensure that the version is 1.0.1 or higher.
TLS 1.1 / TLS 1.2 support starts from OpenSSL 1.0.1 (https://github.com/ruby/ruby/commit/060184c347822b11dff3db6bef915c04a564c4e4)
Set ssl_version on your SSLContext:
require 'openssl'
# Pin the context to TLS 1.2
ctx = OpenSSL::SSL::SSLContext.new
ctx.ssl_version = :TLSv1_2

Which version of Ruby and OpenSSL did you try? According to the Salesforce documentation:
Ruby
Compatible with the most recent version when linked to OpenSSL 1.0.1 or higher.
Ruby 2.0.0
TLS 1.2 is enabled by default when used with OpenSSL 1.0.1 or higher. Using the :TLSv1_2 (preferred) or :TLSv1_1 symbols with an SSLContext's ssl_version helps ensure that TLS 1.0 or earlier is disabled.
Ruby 1.9.3 and below
The :TLSv1_2 symbol does not exist in 1.9.3 and below, but it is possible to patch Ruby to add that symbol and compile Ruby with OpenSSL 1.0.1 or higher.
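
The two checks from the answers above (is the linked OpenSSL at least 1.0.1, and is the client restricted to TLS 1.2) can be combined as follows. This is an added example, not code from either answer; the helper names openssl_supports_tls12? and tls12_http are made up for illustration, and it assumes the API is called through Net::HTTP.

```ruby
require 'openssl'
require 'net/http'

# First OpenSSL release with TLS 1.1/1.2 support, as stated in the answers above.
TLS12_MIN_OPENSSL = [1, 0, 1].freeze

# true/false for an "OpenSSL x.y.z..." banner; nil when the banner is not
# recognised (for example LibreSSL, which this check does not classify).
def openssl_supports_tls12?(banner = OpenSSL::OPENSSL_LIBRARY_VERSION)
  m = banner.match(/\AOpenSSL (\d+)\.(\d+)\.(\d+)/)
  return nil unless m
  (m.captures.map(&:to_i) <=> TLS12_MIN_OPENSSL) >= 0
end

# Net::HTTP client that refuses to negotiate anything below TLS 1.2.
# Nothing is sent until a request is made on the returned object.
def tls12_http(host, port = 443)
  http = Net::HTTP.new(host, port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  if http.respond_to?(:min_version=)
    http.min_version = :TLS1_2   # Ruby 2.5+: sets a floor, newer TLS still allowed
  else
    http.ssl_version = :TLSv1_2  # older Ruby: pins exactly TLS 1.2
  end
  http
end

if __FILE__ == $PROGRAM_NAME
  # The library Ruby is running with can differ from the one it was built with.
  puts "linked against:   #{OpenSSL::OPENSSL_LIBRARY_VERSION}"
  puts "compiled against: #{OpenSSL::OPENSSL_VERSION}"
  puts "TLS 1.2 capable:  #{openssl_supports_tls12?.inspect}"
end
```

Running the file on the Jenkins build host shows which OpenSSL the Ruby process there is actually linked against, which may differ from what "openssl version" prints on the command line.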

Related

Certificate parse on Renesas MBED TLS version 2.25.0

I have a project with a Renesas RA4M2 processor that supports crypto hardware acceleration. The program needs to perform some cryptographic functionality. For this reason I use the MBED TLS library provided in sample files from Renesas. The sample project uses MBED TLS version 2.25.0 while the current version is 3.1.0.
I need to do some manipulations with certificate file parsing and I found that MBED TLS version 2.25.0 from the Renesas site is different from the one in the official MBED TLS git repository. Some files are just missing while other ones are changed.
For example, MBED TLS 2.25.0 from Renesas does not have the mbedtls_x509_crt_parse_file() function.
How do I parse certificate files in MBED TLS 2.25.0 from Renesas?

.net Core - compatibility of docker images

According to https://devblogs.microsoft.com/dotnet/announcing-net-core-3-0/, the newest version of .NET core should be backward compatible with the previous versions.
However, building a docker image with 2.2sdk won't run on a container with runtime 3.0... Am I missing something or is it the normal behavior?
There is no mention of that in the linked article?
What you are experiencing is normal behavior. Major versions are not backwards compatible (for runtimes).
In your case, running a .NET Core 2.2 app will not work on an image with a .NET Core 3.0 runtime.
You can read more about version selection where the following is mentioned:
The host chooses the latest patch version installed on the machine. For example, if you specified netcoreapp2.0 in your project file, and 2.0.4 is the latest .NET runtime installed, the 2.0.4 runtime is used.
If no acceptable 2.0.* version is found, a new 2.* version is used. For example, if you specified netcoreapp2.0 and only 2.1.0 is installed, the application runs using the 2.1.0 runtime. This behavior is referred to as "minor version roll-forward." Lower versions also won't be considered. When no acceptable runtime is installed, the application won't run.
A few usage examples demonstrate the behavior, if you target 2.0:
2.0 is specified. 2.0.5 is the highest patch version installed. 2.0.5 is used.
2.0 is specified. No 2.0.* versions are installed. 1.1.1 is the highest runtime installed. An error message is displayed.
2.0 is specified. No 2.0.* versions are installed. 2.2.2 is the highest 2.x runtime version installed. 2.2.2 is used.
2.0 is specified. No 2.x versions are installed. 3.0.0 is installed. An error message is displayed.
They also mention roughly adhering to semantic versioning here:
MAJOR is incremented when:
Significant changes occur to the product, or a new product direction.
Breaking changes were taken. There's a high bar to accepting breaking changes.
An old version is no longer supported.
A newer MAJOR version of an existing dependency is adopted.

How to check which version of TLS my AFNetworking Library is using?

I am using pod 'AFNetworking', '~> 3.1.0' in one of my projects, which uses the Opentok SDK. I have received a mail which says Opentok will be disabling support for TLS 1.1 at a later date (July 31st, 2018). Can anyone help me check which TLS version I am using?
App Transport Security requires TLSv1.2, so unless you are adding exceptions for individual hosts, AFNetworking must also be using TLSv1.2 for you.
However, the Tokbox SDK does not use AFNetworking, and has supported TLSv1.2 from at least the v2.6 SDK.

Freeradius running debug mode libssl version mismatch

I'm trying to build and install Freeradius version 3.0.8 using these instructions. But after starting Freeradius in debug mode using the command radiusd -X, it shows the following error:
libssl version mismatch. built: 1000207f linked: 1000114f
I tried removing libssl-dev and reinstalling, but no luck.
Appreciate any help to resolve this version mismatch error. My OS is Ubuntu 16.4
If you're building/installing on the same server you have multiple versions of OpenSSL installed. When you built the server it found version 1.0.2, when the server runs however, it's linked against 1.0.1. The server refuses to start because 1.0.2 and 1.0.1 are ABI incompatible and allowing the server to start may cause subtle errors in any code that called OpenSSL.
As a workaround you can use the LD_PRELOAD environmental variable to specify the path to OpenSSL 1.0.2.
If you're building/installing on two different systems you must ensure both systems have the same version of OpenSSL.
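
The two hex values in the error line can be decoded to see exactly which OpenSSL releases are involved. This is an added example, not FreeRADIUS code; it assumes the values use the OPENSSL_VERSION_NUMBER layout 0xMNNFFPPS of OpenSSL releases before 3.0, and the helper names are made up for illustration.

```ruby
# Matches the "built: <hex> linked: <hex>" part of the mismatch line.
MISMATCH_RE = /built:\s*(\h+)\s+linked:\s*(\h+)/

# Decode one pre-3.0 OPENSSL_VERSION_NUMBER (0xMNNFFPPS) given as a hex string.
def decode_openssl_version(hex)
  n = hex.to_i(16)
  major  = (n >> 28) & 0xf
  minor  = (n >> 20) & 0xff
  fix    = (n >> 12) & 0xff
  patch  = (n >> 4)  & 0xff   # 1 => "a", 2 => "b", ...
  status = n & 0xf            # 0 = dev, 1..e = beta, f = release
  letter =
    if patch.zero? then ''
    elsif patch <= 26 then ('a'.ord + patch - 1).chr
    else "(patch #{patch})"
    end
  kind =
    case status
    when 0   then 'dev'
    when 0xf then 'release'
    else "beta#{status}"
    end
  { series: [major, minor, fix], text: "#{major}.#{minor}.#{fix}#{letter}", status: kind }
end

# Returns the decoded pair for a mismatch line, or nil if the line has another shape.
def explain_mismatch(line)
  m = MISMATCH_RE.match(line)
  return nil unless m
  built, linked = m.captures.map { |h| decode_openssl_version(h) }
  { built: built[:text], linked: linked[:text],
    same_series: built[:series] == linked[:series] }
end

if __FILE__ == $PROGRAM_NAME
  # The line quoted in the question above.
  p explain_mismatch('libssl version mismatch. built: 1000207f linked: 1000114f')
end
```

For the line in the question this reports a build against 1.0.2g and a runtime link against 1.0.1t, which matches the 1.0.2 versus 1.0.1 explanation in the answer.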

Is it good to use the latest version of OpenSSL with Indy or not?

I just upgraded Indy to the latest version (10.5.7); I was using the OpenSSL DLLs in version 0.9.8.13.
Is it good to use the latest version (1.0.0a) or since the version I have (0.9.8.13) works fine it is a risk to upgrade since there can be bugs in it?
They are ready, read here: OpenSSL v0.9.8o and v1.0.0a for Indy
but read this note on the blog:
Note: This version needs the very latest Indy SVN (Revision #4168 and newer). This is due to changes in OpenSSL (i.e. removing deprecated MD2 by default).
