Tuesday 28 June 2016

TLS 1.0 has been disabled For Sandbox - Salesforce

Salesforce has finally disabled TLS 1.0 in sandboxes .This is in preparation for disablement later in 2017 for PRODUCTION instances .

Now this would have not impacted your integrations in PRODUCTION org but if your integration is broken in your sandbox ,this means you have only few months to sort this and fix before this affects your integration for PROD live users .

Before we deep drive on how to possibly fix this and work with your external systems to figure solution ,lets first understand what is TLS and why did SFDC moved to 1.x and had to disable TLS 1.0

TLS 1.0 Explained
























TLS 1.1 Improvements 

  • Added protection against cipher-block chaining (CBC) attacks.
  • Support for IANA registration of parameters.


Clearly TLS 1.1 is more secure(Compared to 1.0) and protects salesforce resources against CBC attacks .

Identify if this change broke anything .The things that can be affected in your instances are as below
  1. Web requests to Salesforce URLs that require authentication
  2. Web requests to the login page of a My Domain
  3. Web requests to Community or Force.com sites
  4. Web requests to Customer and Partner portals
  5. Web to lead, web to case, and web to custom object requests
  6. API requests to Salesforce
  7. Callouts using Apex to a remote endpoint
  8. Workflow outbound messaging callouts to a remote endpoint
  9. Callouts using Lightning Connect to a remote endpoint
  10. AJAX proxy callouts to a remote endpoint
  11. Delegated authentication callouts to a remote endpoint
  12. Mobile apps developed with Salesforce Mobile SDK need to upgraded to SDK v4
That's a big list and if you are an enterprise org ,then I am sure you would have at least one of the above things in your org and you may find it to be broken .

The most common complains that I have received and encountered myself has been our IDE no more able to authenticate or our eclipse no more working ,or our migration tools are affected .

An example screenshot of error I got last night working with my ANT tool is as below






So below are some of the suggestions to fix this issue,

1. If you are using force.com migration tool and ANT process be on a latest ANT version -atleast 36.0
2.If you are using Java 7 ,upgrade to Java 8 since Java 8 by default uses 1.2 
3.If have an integration running on a webserver ,there will be setting to disable TLS 1.0 
4.You can disable TLS 1.0 in your browser 

5.Look for specific configuration if you want to explicitly force tools to use TLS 1.1 or TLS 1.2 .For example if you still want to use Java 7 and force your ANT tool to use TLS 1.1 ,you can add an environment variable like below for windows 









6.If you use Java 7, disable TLS 1.0. (TLS 1.0 is disabled by default in Java 8.) Update your eclipse.ini file to include this line:
 
Update your eclipse.ini file to include this line:
-Dhttps.protocols=TLSv1.1,TLSv1.2 
 
The location of the eclipse.ini file depends on your operating system. For more information, see [https://wiki.eclipse.org/Eclipse.ini].

Hopefully this sheds some light and those of you trying to fix this issue get enough out of it and fix your issues .

There is more info here below 

https://help.salesforce.com/apex/HTViewSolution?id=000221207


Feel free to ping me on twitter @msrivastav13 or reach by mail msrivastav13@gmail.com in case of concerns .



9 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. Did you hear there is a 12 word phrase you can speak to your crush... that will trigger deep feelings of love and instinctual attractiveness for you deep within his chest?

    That's because hidden in these 12 words is a "secret signal" that fuels a man's impulse to love, idolize and care for you with his entire heart...

    12 Words Will Fuel A Man's Desire Impulse

    This impulse is so hardwired into a man's mind that it will drive him to work better than ever before to make your relationship the best part of both of your lives.

    In fact, triggering this mighty impulse is so mandatory to getting the best ever relationship with your man that as soon as you send your man one of these "Secret Signals"...

    ...You'll soon find him open his mind and heart for you in a way he's never experienced before and he'll recognize you as the one and only woman in the galaxy who has ever truly attracted him.

    ReplyDelete
  3. This type of message always inspiring and I prefer to read quality content, so happy to find good place to many here in the post, the writing is just great, thanks for the post. salesforce

    ReplyDelete
  4. Wonderful post! We are linking to this great post on our website. Keep up the great writing.
    Technology

    ReplyDelete
  5. This blog is so nice to me. I will keep on coming here again and again. Visit my link as well..
    เกมสล็อตUFABET

    ReplyDelete
  6. So, if the salesforce is adequately trained and informed about the product and services of the company which includes the complete details, they provided to serve the customer better. salesforce interview questions

    ReplyDelete
  7. metaverse many seem to agree that hybrid formats require event planners to design two different event experiences — one for in-person attendees, and another for those participating remotely. Learn Everything about Toxic Work Environment and How to Deal with It, What to Understand about Micromanagement and Democratic Leadership: What is It?

    ReplyDelete
  8. Thanks for writing such a good article, I stumbled onto your blog and read a few post. I like your style of writing...
    เว็บยูฟ่าเบท

    ReplyDelete

Introducing Lightning Base Components

Lightning Base Components are great addition to the platform and in fact revolutionary .One of the concerns around lightning component ...