We have evaluated CVE-2022-22963 and CVE-2022-22965, the "Springshell" vulnerability, and have determined that ConnectALL is not vulnerable. Details are posted on this page.


Unable to connect to Salesforce

The Problem

In a recent patch, Salesforce mandated to use TLSv1.1 when creating a connection using the remote API. ConnectALL runs on JRE 1.7 which defaults to use TLSv1.0 and so the connections to Salesforce are failed. When creating an application link or when running the sync you will see errors as given in the examples below.

Example 1

[UnexpectedErrorFault [ApiFault exceptionCode='UNSUPPORTED_CLIENT'
exceptionMessage='TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.'
]

Example 2

Login failed for user:salesforce@username.com Exception:
com.sforce.ws.ConnectionException: Failed to parse detail:  START_TAG seen ...</sf:exceptionMessage><sf:upgradeURL>... @1:752 due to: com.sforce.ws.ConnectionException: unable to find end tag at:  START_TAG seen ...</sf:exceptionMessage><sf:upgradeURL>... @1:752

The Solution

In order to resolve this error, we can simply change the JAVA_OPTS to use TLSv1.1 when creating the SSL connections.

Steps to resolve for ConnectALL windows installation

Tomcat Configuration
Follow the steps to configure the Tomcat
  1. Open Service Manager in windows, select the ConnectALL tomcat service typically named "Apache CATomcat".
  2. Right click on the service, and take a note of the service name and the installation directory as shown below
  3. Stop the service if its running
  4. Open Command prompt as administrator and navigate to <tomcat installation directory>\bin
  5. Run the below command to edit the service {{tomcat6w.exe //ES//CATomcat}} where CATomcat is the name of the service from step 2
  6. Add -Dhttps.protocols=TLSv1.1,TLSv1.2 under the JAVA_OPTS as shown below
  7. Save the configurations and start the service
Mule Configuration

Follow the below steps to configure the mule service

  1. Open the Service Manager, and select the ConnectALL mule service typically named "ConnectALL-Mule"
  2. Stop the service if running
  3. Run "Notepad" or any of your favorite text editors as administrator
  4. Open %MULE_HOME%\conf\wrapper.conf file in the text editor
  5. Check the last sequence no. of wrapper.java.additional properties in the file
  6. Add a new wrapper.java.additional.<n>=-Dhttps.protocols=TLSv1.1,TLSv1.2 property with the next sequence no. as shown below,
    (In the example the last sequence no. was found to be <7> from step 5)
  7. Save the changes
  8. Start the mule service

Steps to resolve for ConnectALL Linux installation

Tomcat Configuration

Follow the steps to configure the Tomcat service

  1. Login to the terminal as an Administrator
  2. Stop the tomcat service using the command service tomcat stop
  3. Navigate to <Tomcat installation directory>/bin
  4. Open setenv.sh in your favorite editor and add the JAVA_OPTS as shown below
  5. Save the configuration
  6. Start the tomcat service using the command service tomcat start
Mule Configuration

Follow the below steps to configure the mule service

  1. Login to terminal as Administrator
  2. Navigate to $MULE_HOME/bin directory
  3. Execute the command ./mule stop to stop the mule service, and wait for the process to stip
  4. Navigate to $MULE_HOME/conf directory
  5. Open wrapper.conf in your favorite editor
  6. Check the last sequence no. of wrapper.java.additional properties in the file
  7. Add a new wrapper.java.additional.<n>=-Dhttps.protocols=TLSv1.1,TLSv1.2 property with the next sequence no. as shown below,
    (In the example the last sequence no. was found to be <8> from step 6)
  8. Save the configuration
  9. Navigate to $MULE_HOME/bin directory and execute ./mule start to start the service again