+ Start a Discussion
David Zhu 8David Zhu 8 

Question regarding TLS 1.1/1.2

Hi All,
Our Salesforce application uses web service callout to intergrate to a partner's system (non-salesforce).
The partner is asking if it is OK to enable TLS 1.1/1.2 on their firewal.
I refered to this document https://help.salesforce.com/apex/HTViewSolution?id=000221207
Browser supports TLS 1.1/1.2.
My questions are:
1. from code wise, do we need to make any change?
2. Do I need to enabled TLS in my Salesforce org?
3. We have other partners not using TLS 1.1/1.2. Will the same code work for both?

This is the code snippet:
 
HttpRequest req = new HttpRequest();
        String end_point = host+(port!=NULL?+(':'+port):'')+url_path+url_params+starter;

        req.setEndpoint(end_point);
        req.setMethod('GET');
        req.setTimeout(5000);
        try {
            Http http = new Http();
            HTTPResponse res;
            res = http.send(req);

            final_url = 'Success';
            final_url+=('\n\n'+res.getBody());
            final_url+=('\n\n'+req.toString());
            integration.Parameters__c=(integration.Parameters__c+'\n\n'+final_url);
            //update integration;
        } catch(Exception e) {
            final_url = 'Error: ' + e.getMessage();
            final_url+=('\n\n'+req.toString());
            integration.Parameters__c=(integration.Parameters__c+'\n\n'+final_url);
            
        }




Thanks,
David

 
Best Answer chosen by David Zhu 8
sharathchandra thukkanisharathchandra thukkani
if you enable TLS 1.1/1.2 then other partners which are using TLS 1.0 wont be able to communicate with Salesforce. And by march 2017 TLS 1.1/1.2 is auto enabled so better you ask the other partner who are communicating with SF use TLS1.1 or higher version of protocol.

From code wise you no need to change any thing.

All Answers

sharathchandra thukkanisharathchandra thukkani
if you enable TLS 1.1/1.2 then other partners which are using TLS 1.0 wont be able to communicate with Salesforce. And by march 2017 TLS 1.1/1.2 is auto enabled so better you ask the other partner who are communicating with SF use TLS1.1 or higher version of protocol.

From code wise you no need to change any thing.
This was selected as the best answer
Аксана ВасильковаАксана Василькова
Dear All! I have another question:

Some times ago our company faced the problem of exchange between the sandbox and the local test ERP. Our IT guys found the cause of the conflict - it's in the Protocol used. In the sandbox at the moment we have encryption protocol TLS 1.2, that is not officially supported by 1C 8.2 (our local Erp). Now we are in the process of implementing a new erp, from 01.01.19 we will be on the new platform (it'll support TLS 1.2). The current Erp can't be updated. We know that it's planned to implement encryption protocol TLS 1.2 to prod system at the end of September'18 (is it?).

We kindly ask you to defer the update of the Protocol to TLS 1.2 in productive system to the end of the year. (otherwise, we will not have a possibility to exchange data ith Erp, and we will be left without salesforce).
In case it is impossible, could you advise us how to hold out for until the end of the year, pls?

Many thanks in advance for the quick response (we must do smth to salesforce will be alive)
(My e-mail: a.vasilkova@ltcompany.com)