A client (JCC, REST client, or Java code) that connects to SnapLogic triggered Pipelines or the SnapLogic public API must support TLS1.2. Additionally, users on older versions or unsupported browsers may not be able to login if the browser does not support TLS1.2.
SnapLogic supports the default JRE settings defined in /opt/snaplogic/pkgs/jre1.8.0_45/lib/security/java.security or /opt/snaplogic/pkgs/openjdk-11.0.5+10-jre/lib/security/java.securityfor all outbound requests. You can read more about it in theJavadocumentation. For Windows users, the security file will be within the JRE_HOME environment variable.
Starting from the 4.21 release, SnapLogic Cloudplex instances are on Java 11. If you use a combination of Java 8 and Java 11 across your Snaplex nodes, then we recommend you to have an unlimited JCE key size.
TLS 1.2 is supported. TLS 1.0 and TLS 1.1 are no longer industry-standard security protocols and are no longer supported.
SSLv3 and MD2/RSA ciphers having a key size less than 1024 are disabled by default.
To further enhance the SnapLogic platform security, the following changes in pipeline operations are introduced:
Disabling external process (like popen) creation on Cloudplex via the Script Snap or a custom Snap. While external process creation support continues on Groundplex, this can be disabled upon customer request email@example.com.
Disabling read/write access to files in the Snaplex installation folder while executing pipelines. Impacted folders are in the $SL_ROOT directory and include bin, cloudops, dropbox, lib, run, and broker. The proc directory (on Linux nodes) is not readable or writable. Additionally, pipelines cannot write in $SL_ROOT/run/lib. If your existing Pipelines need to access log files, then we recommend that you create a sibling log file that is stored outside of the associated Snaplex installation folder.