TLS Configuration

Adding support for TLS configuration in your module is as simple as declaring a parameter of type TlsContextFactory, for example:

```java
@Parameter
@Optional
private TlsContextFactory tlsContextFactory;
```

The example above will automatically generate support for this XML setting:
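```xml
<!-- enabledProtocols is a comma-separated list. SSLv3 is deprecated (RFC 7568); list only TLSv1.2 or later in real configurations. -->
<tls:context enabledProtocols="TLSv1.2,SSLv3">
  <tls:trust-store path="my-trust-store.jks" password="myPassword"/>
  <tls:key-store path="my-key-store.jks" keyPassword="myPassword" password="myPassword"/>
</tls:context>
```
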
Note that a TLS context can also be defined as a global element of your app, so you can reference it by its name anywhere you need to use it.
If TLS needs are hidden from the user (for example, if you need to connect safely to a service internally), you can create your own TlsContextFactory using its builder:

```java
private final TlsContextFactory tlsContextFactory = TlsContextFactory.builder()
    .trustStorePath("tls/trustStore")
    .trustStorePassword("mulepassword")
    .build();
```

This builder also allows creating default instances of TlsContextFactory:

```java
private final TlsContextFactory defaultTlsContextFactory = TlsContextFactory.builder().buildDefault();
```

Once a TlsContextFactory is available (whether as a parameter or obtained through its builder), it should be initialized, for example:

```java
if (tlsContextFactory instanceof Initialisable) {
  ((Initialisable) tlsContextFactory).initialise();
}
```

It can then be used to obtain an SSLContext, an SSLSocketFactory or an SSLServerSocketFactory. It can also obtain enabled TLS protocols and cipher suites, allowing you to set up most Java components that use TLS/SSL as shown in the examples below.

You could set up an FTPSClient by obtaining an SSLContext and then configure the protocols and cipher suites for it:

```java
SSLContext sslContext = tlsContextFactory.createSslContext();
String[] enabledProtocols = tlsContextFactory.getEnabledProtocols();
String[] enabledCiphers = tlsContextFactory.getEnabledCipherSuites();
FTPSClient client = new FTPSClient(sslContext);
client.setEnabledProtocols(enabledProtocols);
client.setEnabledCipherSuites(enabledCiphers);
```

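You could obtain an SSLSocketFactory to create your own Socket:

```java
SSLSocketFactory sslSocketFactory = tlsContextFactory.createSocketFactory();
// SocketFactory exposes createSocket(); the no-argument form returns an unconnected socket.
Socket socket = sslSocketFactory.createSocket();
```
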
To create a ServerSocket instead, you can obtain an SSLServerSocketFactory:

```java
SSLServerSocketFactory sslServerSocketFactory = tlsContextFactory.createServerSocketFactory();
ServerSocket socket = sslServerSocketFactory.createServerSocket();
```

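The socket examples above apply whatever protocols the TLS context lists, and a bare SSLSocket does not check the server's host name unless asked to. The following is an added example, not code from this page or from the Mule SDK: it uses only JDK classes, drops legacy protocol names such as the SSLv3 entry in the sample `enabledProtocols` list, and turns on host name verification. `HardenedTlsSocket`, `filterProtocols` and `newClientSocket` are hypothetical names, and `SSLContext.getDefault()` stands in for `tlsContextFactory.createSslContext()`.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;

public class HardenedTlsSocket {

  // Protocol versions that should never be negotiated, whatever the context lists.
  private static final List<String> LEGACY = Arrays.asList("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

  // Drops legacy protocol names; fails closed if nothing acceptable is left.
  static String[] filterProtocols(String[] configured) {
    String[] kept = Arrays.stream(configured)
        .map(String::trim)
        .filter(p -> !LEGACY.contains(p))
        .toArray(String[]::new);
    if (kept.length == 0) {
      throw new IllegalStateException("TLS context enables only legacy protocols");
    }
    return kept;
  }

  // Creates an unconnected client socket restricted to the given protocols and
  // cipher suites, with host name verification turned on.
  static SSLSocket newClientSocket(SSLContext ctx, String[] protocols, String[] ciphers) throws IOException {
    SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket();
    SSLParameters params = socket.getSSLParameters();
    params.setProtocols(filterProtocols(protocols));
    if (ciphers != null && ciphers.length > 0) {
      params.setCipherSuites(ciphers);
    }
    // A raw SSLSocket does not check the certificate's host name unless asked to.
    params.setEndpointIdentificationAlgorithm("HTTPS");
    socket.setSSLParameters(params);
    return socket;
  }

  public static void main(String[] args) throws Exception {
    // Constructed stand-ins for tlsContextFactory.createSslContext(),
    // getEnabledProtocols() and getEnabledCipherSuites().
    SSLContext ctx = SSLContext.getDefault();
    String[] configured = {"TLSv1.2", "SSLv3"};
    try (SSLSocket socket = newClientSocket(ctx, configured, null)) {
      System.out.println(Arrays.toString(socket.getEnabledProtocols()));
    }
  }
}
```
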
For details on configuring a TLS context correctly, including all the parameters you can set, see Configure TLS with Keystores and Truststores.