You may have received one or more “Product & Service Notifications” from Salesforce.com recently announcing the end of TLS 1.0 security support in the platform. This is not a bulletin to ignore!
Starting in February 2016, Salesforce will begin disabling TLS 1.0 security, which may mean that various external applications that your business relies on every day may no longer be able to connect to Salesforce for the exchange of data depending on what level of TLS security they currently use.
In addition, if you provide portal login access to any of your customers using Salesforce Communities, Customer or Partner Portal, Force.com Sites, or Site.com, your customers may not be able to access those sites using older versions of web browsers.
The list of problem apps includes some generic user applications:
- Web browsers (many older versions)
- Mobile Apps (e.g. the Salesforce1 Mobile App, Custom Apps built on the Salesforce1 Mobile SDK)
- Mobile platforms (e.g. older versions of Android)
The change may also affect network appliances and integration middleware such as:
- IBM WebSphere Cast Iron (appliance and Hypervisor), Jitterbit, Pentaho (Kettle), and others
- Custom developed .Net, Java, Python, Ruby or other code that makes API calls to Salesforce.com
How do I ensure that this change does not impact my business?
- In short, take an inventory of your applications and data integration connections to Salesforce.com in any way. Check versions and dependencies.
- Verify that your apps and their dependencies are upgraded to the latest version available and that whatever version you are using supports TLS 1.1 or 1.2 (and that it has been properly enabled and configured for use in Salesforce.com connections).
- Test your updated system (ideally with a sandbox environment) to make sure it will work when Salesforce makes the change to disable TLS 1.0 support.
How to Get Started
To check specific browsers and API (Inbound) Integrations:
The link below gives Salesforce.com’s explanation of the change and includes recommended browser versions and specific recommendations about .Net, Java, Python, Ruby, and other technologies used in building integrations.
https://help.salesforce.com/apex/HTViewSolution?id=000221207
Other Third Party Apps Not Mentioned in the Salesforce Article
Our research indicates the following versions of integration products should be able to support TLS 1.1 or 1.2. For the latest updates including full details, please contact the provider or manufacturer. This information is provided for reference purposes only - it is strongly recommended that you conduct your own tests to verify any system updates with your specific environment. Test URLs are provided in the Salesforce article mentioned above.
Cast Iron:
Upgrade to
6.1.0.12IF004
6.1.0.15IF001
6.3.0.1IF009.
6.4.0.1
7.x
Jitterbit Harmony:
Upgrade to version 7
Pentaho (Kettle):
Upgrade to version PDI 6.0.0 or newer
Salesforce1 Mobile App:
Download and install the latest version on your mobile device
Mobile Apps built with the Salesforce Mobile SDK:
https://developer.salesforce.com/blogs/engineering/2015/11/disabling-tls-1-0-preparing-mobile-sdk-apps-big-change.html?eid=ss-tc
Need more? Summa can help
If you have questions about a specific application, please contact us for more information. We have researched this issue on the apps mentioned above and others. We can help you locate a compatible version and identify any common issues.
Additional References:
Cast Iron:
http://www-01.ibm.com/support/docview.wss?uid=swg21687945
Jitterbit:
https://supportcentral.jitterbit.com/display/TFDL/Salesforce+TLS+1.1+Compatibility+Upgrade?mkt_tok=3RkMMJWWfF9wsRokvqvLZKXonjHpfsX56OQvX6e1lMI%2F0ER3fOvrPUfGjI4DTstjI%2BSLDwEYGJlv6SgFSrHCMbZv3bgEXhA%3D
Pentaho (Kettle):
http://jira.pentaho.com/browse/PDI-13985
