[Salesforce Connector] SalesForce Connector, issue with TLS 1.0, support for TLS 1.2

Forge Component
Published on 19 Feb by Vera Tiago
17 votes

Hi guys,

SalesForce.com has disabled TLS 1.0 on the sandboxes, due to the POODLE Vulnerability. For Production, such disablement is planned for 2017!

We are working on an integration project with a brand new sandbox, so we immediately got the error "UNSUPPORTED_CLIENT TLS 1.0 has been disabled in the organization. Please use TLS 1.1 or higher" when we tried to use the Login Action.

The Salesforce Connector component will require an upgrade to use TLS 1.1 (or higher).

As a workaround, what we did was:

  • Opened the extension source and upgraded the solution to .NET 4.5
  • Added a constructor for the class CssSForce with this single line “System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;” (this way all calls to Salesforce will be affected by the option)

Note: SecurityProtocolType.Tls12 is only supported by .NET 4.5+

Alternatively, it seems that the .NET default security protocol type could be changed in the registry keys:



However, those registry keys will enable TLS 1.2 by default for all installed .NET 4.0, 4.5, 4.5.1, and 4.5.2 applications on that machine, which could raise issues in other .NET applications. For cloud solutions, changing the registry is not an option.

Can we expect such an upgrade on the component from the Salesforce Connector team?

Since we have fixed it already, please get back to us for any help you may require.

After speaking with the OutSystems CSP people, I have learned a couple of things:

  1. They like the above workaround for .NET until further notice.
  2. At least for Java it is a setting which can be changed in WildFly to upgrade to TLS 1.x, but for OutSystems Cloud they will not be officially supporting this version of TLS in the near future. So they will not change the setting.

In the meantime, for us Java folks, it was suggested we can work around the issue by following the example in this Stack Overflow post. The issue I am having with that suggestion now is that there seems to be no obvious place to implement this block of code. I also do not know what to input as the second argument for initializing the SSLContext - I am guessing there is some static TrustManager within the OutSystems library jars we are supposed to be using for this, but for fear of breaking something I dare not proceed until I know more.

Are we any closer to getting a version of this connector that works with > TLSv1.0?
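
Added example, not part of the original thread and not OutSystems or Salesforce code: a standard JSSE sketch of the SSLContext initialization asked about above, where the second argument to init() is the JVM's default trust managers so certificate validation stays intact. The class name Tls12Client and the endpoint URL are placeholders, and where this would hook into the OutSystems Java extension is not covered here.

```java
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class Tls12Client { // hypothetical class name

    // Builds a context that can negotiate TLS 1.2 and still validates server
    // certificates against the JVM's default trust store.
    static SSLContext tls12Context() throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null KeyStore = JVM default trust store (cacerts)

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        // Arguments: key managers (null = JVM default), trust managers,
        // SecureRandom (null = default).
        // Passing null as the second argument selects the same default trust managers.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = tls12Context();

        // Protocols this context enables by default; confirm TLSv1.2 is listed.
        System.out.println("Enabled: "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));

        // Placeholder endpoint (assumption). openConnection() does not connect,
        // so this runs offline.
        URL url = new URL("https://login.example.invalid/");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Per-connection scope: other HTTPS clients in the same JVM are unaffected,
        // unlike HttpsURLConnection.setDefaultSSLSocketFactory(...).
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("Socket factory set for " + conn.getURL());
    }
}
```

A context obtained with "TLSv1.2" may still list older protocol versions as enabled, so check the printed list on the target JVM rather than assuming only TLS 1.2 is offered.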