+ Start a Discussion
Eric-∑Eric-∑ 

Enforce AWS Marketplace API to use TLS1.1 or TLS1.2

Is it possible to specify the protocol in the HTTP callout to enforce AWS Marketplace API to use TLS1.1 or TLS1.2? When I call AWS Marketplace API from Salesforce, I got an error: System.CalloutException: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.

I was not getting the error all the time, sometimes, it worked, but sometimes it didn't. So, it seems that AWS Marketplace chooses to use either TLS1.0 or advanced protocol when I called the API from Salesforce, but since Salesforce doesn't support TLS1.0 anymore, does anybody know how to specify the protocol to enforce AWS Marketplace API always use TLS1.1 or TLS1.2?
SandhyaSandhya (Salesforce Developers) 
Hi Eric,

Please refer below link for the similar issue you may get some information.

You will need to update the endpoint server to enable TLS 1.1 or above.
Here are details on how you can enable TLS 1.1 and above :https://help.salesforce.com/apex/HTViewSolution?id=000221207#OutboundIntegrations

If this third party sever/endpoint is not in your control then you will have to request sever owner for upgrade.

If that is not possible then you will have to create a middle-ware which can communicate with both TLS 1.0 & TLS 1.1 and above.

http://salesforce.stackexchange.com/questions/130022/server-chose-tlsv1-but-that-protocol-version-is-not-enabled-or-not-supported-by


 http://salesforce.stackexchange.com/questions/111912/callouts-to-web-services-started-failing-with-calloutexception-server-chose-tls
 
https://aws.amazon.com/about-aws/whats-new/2016/01/amazon-cloudfront-adds-new-origin-security-features/
 
Hope this helps you!

If this helps you please mark it as solved so that it will be available for others as a proper solution.

Thanks and Regards
Sandhya