Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Use TLS 1.1 or higher when connecting to Salesforce using HTTPS

SA-25578

Summary



Salesforce SOAP and REST services were called. TLS 1.0 is not supported by Salesforce, and services with TLS 1.1 or higher versions must be called instead.

Error Messages



UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using HTTPS.

Steps to Reproduce



Try to connect to any Salesforce SOAP service or REST service from Pega 7.1.7. 

Root Cause



A defect or configuration issue in the operating environment.

Resolution



Perform the following local-change:

Connect-SOAP
  1. Create a new Security Profile.
  2. Create a Trust store rules in PRPC.
  3. Associate the Security Profile in Connect-SOAP rule.
  4. Update the security protocol version to TLS 1.2 from SSL Configuration dropdown.
Connect-REST:

        1. Save pyInvokeRESTConnector rule under Pega-IntergrationEngine:07-10-15 ruleset to application ruleset.
        2. Modify Step 4 (Initialize HTTP Client and handle authentication) Java code as below to modify the protocol version from SSL to TLS 1.2:

            if (serviceURL.toLowerCase().startsWith("https"))
             {
               com.pega.apache.http.conn.ssl.SSLSocketFactory sf = null;

               // HFix-9721 START

               String truststoreName = stepPage.getString("pyTruststoreName");
               String keystoreName = stepPage.getString("pyKeystoreName");
               String protocol = "TLSv1.2";

               // Create a new SSLContext that merges custom PRPC keystore/truststore with default JDK ones
               javax.net.ssl.SSLContext sslContext = tools.getServiceUtils().getSSLContext(keystoreName, truststoreName, protocol);
               sf = new com.pega.apache.http.conn.ssl.SSLSocketFactory(sslContext);
               .
               .
               .

       3. Save the rule, and test Connect-REST.

Note: The change in the code is: String protocol = "TLSv1.2";
Suggest Edit

Published July 26, 2016 - Updated October 8, 2020

Did you find this content helpful? Yes No

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us