Hi devs, Salesforce will discontinue support for TLS v1.0 beginning March 2017. I've raised the issue[1] and I think that we could be proactive for the 2.17.x.
What I would suggest is for the camel-salesforce component: 1. if the JVM doesn't support TLS v1.1 or newer print warning message in the log 2. change the default from SSL protocol "TLS" to the highest TLS version supported by the JVM Now, you might wonder why this is necessary at all, after all the org.apache.camel.util.jsse.* already configures SSLEngine to enable all protocols[2] and disables SSL protocols[3], and with that it will work out of the box. I think that this is worthwhile because in case the user explicitly configured the `sslContextParameters` on the component, or is running under a JVM that's configured with different JSSE provider that does not support TLS version 1.1 or newer. Does this make the change unrelevant, I'd like to discuss this, so any comments welcome, best outcome is that this is not needed at all and I would like to hear arguments to that :) Talk is cheap so I made a pull request[4]. zoran [1] https://issues.apache.org/jira/browse/CAMEL-10519 [2] https://github.com/apache/camel/blob/master/camel-core/src/main/java/org/apache/camel/util/jsse/BaseSSLContextParameters.java#L68-L69 [3] https://github.com/apache/camel/blob/master/camel-core/src/main/java/org/apache/camel/util/jsse/BaseSSLContextParameters.java#L71-L72 [4] https://github.com/apache/camel/pull/1307 -- Zoran Regvart
