A client (JCC, REST client, or Java code) that connects to SnapLogic triggered Ppipelines or the SnapLogic public API must support TLS 1.2. Additionally, users on older versions or unsupported browsers may not be able to login if the browser does not support TLS 1.2.
SnapLogic supports the default JRE settings defined in
y for all outbound requests. You can read more about it in the Java documentation. For Windows users, the security file will be within the JRE_HOME environment variable.
Java 11 on Cloudplex Instances
Starting from the 4.21 release, SnapLogic Cloudplex instances are on Java 11. If you use a combination of Java 8 and Java 11 across your Snaplex nodes, then we recommend you to have an unlimited JCE key size.
- TLS 1.2 is supported. TLS 1.0 and TLS 1.1 are no longer industry-standard security protocols and are no longer supported.
- SSLv3 and MD2/RSA ciphers having a key size less than 1024 are disabled by default.
To further enhance the SnapLogic platform security, the following changes in pipeline operations are introduced:
- Disabling external process (like popen) creation on Cloudplex via the Script Snap or a custom Snap. While external process creation support continues on Groundplex, this can be disabled upon customer request to firstname.lastname@example.org.
- Disabling read/write access to files in the Snaplex installation folder while executing pipelines. Impacted folders are in the $SL_ROOT directory and include bin, cloudops, dropbox, lib, run, and broker. The proc directory (on Linux nodes) is not readable or writable. Additionally, pipelines cannot write in $SL_ROOT/run/lib. If your existing Pipelines need to access log files, then we recommend that you create a sibling log file that is stored outside of the associated Snaplex installation folder.