I am making an HTTP POST request to external system, it works fine when I post request from Developer orgs, these orgs are of older versions. However when I build a package and install that package into a new org and when I try to connect to external system using HTTP POST I get this HandShake error.
Error: Something went wrong. Please try again.Remote host closed
connection during handshake
One reason that I thought of is, Salesforce has disabled TLS 1.0 ,
Salesforce is requiring an upgrade to TLS 1.1 or higher by July 22, 2017 in order to align with industry best practices for security and data integrity. On that date it will disable TLS 1.0.
But the API that I am hitting using post confirms that its still accepting TLSv1,
handshake error result via open SSL, inside of external system network.
Does new Salesforce orgs that I am creating has TLS 1.1 or higher
enabled by default? and external system is not accepting request because of change in version for TLS.
https://c.na34.visual.force.com/apex/MyVFPage <- this one succeeds on connection
https://packageNameSpace.ap5.visual.force.com/apex/MyVFPage <- this one fails
These are callback URLS.
When I check the critical updates in my old org I can see like following:-
However new Salesforce orgs that I am creating does not have this in Critical updates, does that mean new Salesforce orgs already having version of TLS 1.1 or higher enabled by default, if YES how to check version of TLS?
I did activate TLS 1.1 or higher under critical updates section assuming there might be some issue with TLS, also external system confirms that they accept TLS V1.0, V1.1,V1.2 and V1.3
When I tried to connect to external system after activating this update , all seems to be working fine in the old Salesforce orgs that I am using, however new Salesforce orgs that I am creating, having issue shaking hands with external system.
Any thoughts how to approach this issue.
Note: I can not post code here because of the security reasons, it will be helpful if anyone can guide me about this.
Best Answer
I'm pretty sure you are following This Article, however, you should continue monitoring it for updates.
In a nutshell, yes, the orgs you have created use TLS 1.1 or higher.