Use TLS 1.1 or higher when connecting to Salesforce using HTTPS
Salesforce SOAP and REST services were called. TLS 1.0 is not supported by Salesforce, and services with TLS 1.1 or higher versions must be called instead.
UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using HTTPS.
Steps to Reproduce
Try to connect to any Salesforce SOAP service or REST service from Pega 7.1.7.
A defect or configuration issue in the operating environment.
Perform the following local-change:
- Create a new Security Profile.
- Create a Trust store rules in PRPC.
- Associate the Security Profile in Connect-SOAP rule.
- Update the security protocol version to TLS 1.2 from SSL Configuration dropdown.
1. Save pyInvokeRESTConnector rule under Pega-IntergrationEngine:07-10-15 ruleset to application ruleset.
2. Modify Step 4 (Initialize HTTP Client and handle authentication) Java code as below to modify the protocol version from SSL to TLS 1.2:
com.pega.apache.http.conn.ssl.SSLSocketFactory sf = null;
// HFix-9721 START
String truststoreName = stepPage.getString("pyTruststoreName");
String keystoreName = stepPage.getString("pyKeystoreName");
String protocol = "TLSv1.2";
// Create a new SSLContext that merges custom PRPC keystore/truststore with default JDK ones
javax.net.ssl.SSLContext sslContext = tools.getServiceUtils().getSSLContext(keystoreName, truststoreName, protocol);
sf = new com.pega.apache.http.conn.ssl.SSLSocketFactory(sslContext);
3. Save the rule, and test Connect-REST.
Note: The change in the code is: String protocol = "TLSv1.2";