Support Article

Use TLS 1.1 or higher when connecting to Salesforce using HTTPS

SA-25578

Summary



Salesforce SOAP and REST services were called. TLS 1.0 is not supported by Salesforce, and services with TLS 1.1 or higher versions must be called instead.

Error Messages



UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using HTTPS.

Steps to Reproduce



Try to connect to any Salesforce SOAP service or REST service from Pega 7.1.7. 

Root Cause



A defect or configuration issue in the operating environment.

Resolution



Perform the following local-change:

Connect-SOAP
  1. Create a new Security Profile.
  2. Create a Trust store rules in PRPC.
  3. Associate the Security Profile in Connect-SOAP rule.
  4. Update the security protocol version to TLS 1.2 from SSL Configuration dropdown.
Connect-REST:

        1. Save pyInvokeRESTConnector rule under Pega-IntergrationEngine:07-10-15 ruleset to application ruleset.
        2. Modify Step 4 (Initialize HTTP Client and handle authentication) Java code as below to modify the protocol version from SSL to TLS 1.2:

            if (serviceURL.toLowerCase().startsWith("https"))
             {
               com.pega.apache.http.conn.ssl.SSLSocketFactorysf = null;

               // HFix-9721 START

               String truststoreName = stepPage.getString("pyTruststoreName");
               String keystoreName = stepPage.getString("pyKeystoreName");
               String protocol = "TLSv1.2";

               // Create a new SSLContext that merges custom PRPC keystore/truststore with default JDK ones
               javax.net.ssl.SSLContextsslContext = tools.getServiceUtils().getSSLContext(keystoreName, truststoreName, protocol);
               sf = new com.pega.apache.http.conn.ssl.SSLSocketFactory(sslContext);
               .
               .
               .

       3. Save the rule, and test Connect-REST.

Note: The change in the code is: String protocol = "TLSv1.2";

Published July 13, 2016 - Updated July 26, 2016

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.