[SalesForce] Cannot Connect to https://tls1test.salesforce.com/services/Soap/u/34.0

UPDATE/FOUND ISSUE:
After checking and checking I found it had to do with our OpenSLL module being 0.9.x (….oh man) which does not support TLSv1 and why my test failed but SSL Labs passed. So I have a couple of under the hood issues to fix here.

I can see why this post can be deemed off topic so do as you will 🙂

I am testing the update that Salesforce will be making in March given this document https://help.salesforce.com/articleView?id=000221207&type=1. I am using the SOAP API to connect and on my local machine I can connect to https://tls1test.salesforce.com/services/Soap/u/34.0 (via updating the WSDL) but on our production machine I cannot.

I verified that TLSv1.1 is being used on our server and even went so far as disabling TLSv1 all together to no avail. The error message is very vague so I have run out of ideas as to why the connection is failing on our production machine (LE/AMP stack) but works locally for me (LAMP stack).

Fault Code = "HTTP" and Error message is "Could not connect to host"

I am going to ask one of our SF Admins to enable this on one of our sandboxes but I do not think it will give me a different outcome.

To help you prepare for the Salesforce disabling TLS 1.0 beginning in June 2016, we are providing a new Critical Update Console (CRUC) setting, "Require TLS 1.1 or higher for HTTPS connections", for you to test the disablement of TLS 1.0 for your sandbox and production org prior to the Salesforce TLS 1.0 disablement schedule

Please let me know if I can provide further information!

UPDATE: Tried to connect from production via wget command

-bash-3.2$ wget https://tls1test.salesforce.com/services/Soap/u/34.0

--2017-01-25 16:25:45--  https://tls1test.salesforce.com/services/Soap/u/34.0
Resolving tls1test.salesforce.com... 136.146.30.119

Connecting to tls1test.salesforce.com|136.146.30.119|:443... connected.

OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Unable to establish SSL connection.
-bash-3.2$

SSLv3 is disabled on the server

Best Answer

Per your comment (now an edit to your question) above seem you are using SSL 3

Salesforce has disabled SSL 3 11/12-2014 (POODLE Vulnerability):

https://help.salesforce.com/articleView?id=Salesforce-disabling-SSL-3-0-encryption&l_1=&type=1

In November and December 2014 Salesforce disabled SSL 3.0 encryption to prevent it from being used to access the Salesforce platform. Any channels connecting to Salesforce will need to use TLS 1.0 encryption or higher—see below for supported encryption protocols. There are three different channels that require encryption to access Salesforce: internet browser, API (inbound) integrations, and call-out (outbound) integrations.

Sister site related question with similar characteristics:

https://unix.stackexchange.com/questions/192944/how-to-fix-curl-sslv3-alert-handshake-failure

so curl needed to be upgraded to the latest version (>7.40) and it worked fine.

(this is the extent of my knowledge level on curl/unix/gobblygook to be able to help so if this is not it I am not your guy lol)

Best Answer

Related Solutions

[SalesForce] Server chose TLSv1, but that protocol version is not enabled or not supported by the client

[SalesForce] TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https

When will Salesforce disable TLS 1.0 encryption?

Related Topic