First things first: What's TLS and why did Salesforce moved to 1.x and had to disable TLS 1.0?
TLS 1.0
What kind of improvements brings to the table TLS 1.1?
TLS 1.0
What kind of improvements brings to the table TLS 1.1?
- Added protection against cipher-block chaining (CBC) attacks.
- Support for IANA registration of parameters.
Clearly TLS 1.1 is more secure (compared to 1.0).
The things that can be affected in your instances are as below:
That's a big list and if you are an enterprise org, then I am sure you would have at least one of the above things in your org and you may find it to be broken if you don't take any action.
So below are some of the suggestions to fix this issue:
Hopefully this sheds some light and helps you reduce the pain of dealing with this.
The things that can be affected in your instances are as below:
- Web requests to Salesforce URLs that require authentication.
- Web requests to the login page of a My Domain.
- Web requests to Community or Force.com sites.
- Web requests to Customer and Partner portals.
- Web to lead, web to case, and web to custom object requests API requests to Salesforce Callouts using Apex to a remote endpoint.
- Workflow outbound messaging callouts to a remote endpoint Callouts using Lightning Connect to a remote endpoint AJAX proxy callouts to a remote endpoint.
- Delegated authentication callouts to a remote endpoint Mobile apps developed with Salesforce Mobile SDK need to upgraded to SDK v4.
That's a big list and if you are an enterprise org, then I am sure you would have at least one of the above things in your org and you may find it to be broken if you don't take any action.
So below are some of the suggestions to fix this issue:
- If you are using force.com migration tool and ANT process be on a latest ANT version.
- If you are using Java 7, upgrade to Java 8 since Java 8 by default uses 1.2
- If have an integration running, like WebMethods, there will be setting to disable TLS 1.0 or to enable TLS 1.2 (see -Dhttps.protocols=TLSv1.1,TLSv1.2).
- You can disable TLS 1.0 in your browser, but I'd rather upgrade :)
- Also look for specific configuration if you want to explicitly force tools to use TLS 1.1 or TLS 1.2
Hopefully this sheds some light and helps you reduce the pain of dealing with this.
No comments:
Post a Comment