Today I started receiving the following exception when making callouts to external web services:
System.CalloutException: IO Exception: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.
Why would this start failing?
When connecting to the same org using the Partner API from a client application that doesn't support TLS 1.1 or higher:
UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.
A POST request for Web-to-lead is intermittently coming back with:
400 Bad Request
StatusDescription: TLS 1.1 or higher required.
Best Answer
This corresponds to Salesforce disabling TLS 1.0. Pointing https://www.ssllabs.com/ssltest/ at the publicly accessible web services returns the following result:
As a short-term fix while upgrading the web services to support newer versions of TLS, you might be able to deactivate the corresponding critical update: