Apex Code Development You need to sign in to do that
Don't have an account?
Jeff Rogers Call Out Error - SSLv3
I'm developing a custom integration between Salesforce and RegOnline (call outs from SF to the RegOnline APIs to get data). Unfortunately it looks like I have a problem. I'm getting the following error message:
System.CalloutException: IO Exception: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
This looks related to SF recently disabling the use of SSLv3. Is this error from SF still trying to use SSLv3 and the Regonline API has SSLv3 disabled (or the other way around)?
Any ideas for a resolution/work around?
Thanks!
System.CalloutException: IO Exception: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
This looks related to SF recently disabling the use of SSLv3. Is this error from SF still trying to use SSLv3 and the Regonline API has SSLv3 disabled (or the other way around)?
Any ideas for a resolution/work around?
Thanks!
This (https://developer.salesforce.com/forums/ForumsMain?id=906F0000000AmTZ) thread provides a lot of detail related to the transition made by Salesforce to stop support for SSLv3 and switch to TLS. I would recommend a couple of things
A) Raise a support case with Salesforce to confirm if the problem is at their end
B) Trying out an intermediate proxy such as this one - https://github.com/Rob--W/cors-anywhere which can accept a SSLv3 connection and then make a TLS callout to the destination.
If my answer helps resolve your query, please mark it as the 'Best Answer' & upvote it to benefit others and improve the overall quality of Discussion Forums.
Gaurav Kheterpal
Certified Force.com Developer| Salesforce Mobile Evangelist| Developer Forums Moderator| Dreamforce Speaker
All Answers
For inbound requests: TLS 1.0, and TLS 1.2
For outbound requests: TLS 1.0
You can read more about it here (https://help.salesforce.com/apex/HTViewSolution?urlname=Salesforce-disabling-SSL-3-0-encryption).
I would recommend you check with RegOnline if their APIs support TLS.
If my answer helps resolve your query, please mark it as the 'Best Answer' & upvote it to benefit others and improve the overall quality of Discussion Forums.
Gaurav Kheterpal
Certified Force.com Developer| Salesforce Mobile Evangelist| Developer Forums Moderator| Dreamforce Speaker
Thank you for the reply!
Here's a response from RegOnline:
"We are compatible with SSL and TLS. However, we only support TLS 1.1 from a web browser perspective and TLS 1.0 for External Authentication. "
It appears that SF uses TLS 1.0 for outbound calls (per the doc you referenced) and RegOnline states they support TLS 1.0 for External Authentication. Apparently, one of two is trying to use SSLv3. Which side of the communication is setting the encryption?
This one is confusing!
This (https://developer.salesforce.com/forums/ForumsMain?id=906F0000000AmTZ) thread provides a lot of detail related to the transition made by Salesforce to stop support for SSLv3 and switch to TLS. I would recommend a couple of things
A) Raise a support case with Salesforce to confirm if the problem is at their end
B) Trying out an intermediate proxy such as this one - https://github.com/Rob--W/cors-anywhere which can accept a SSLv3 connection and then make a TLS callout to the destination.
If my answer helps resolve your query, please mark it as the 'Best Answer' & upvote it to benefit others and improve the overall quality of Discussion Forums.
Gaurav Kheterpal
Certified Force.com Developer| Salesforce Mobile Evangelist| Developer Forums Moderator| Dreamforce Speaker
"In case of callouts from salesforce, salesforce acts as a client. So as per the exception message, the endpoint is expecting the client (salesforce) to use SSLv3.
To resolve this issue, you have to re-configure your server to use TLS 1.0 protocol."
So, it looks like the problem is on RegOnline's end. They stated they support TLS 1.0, but apprently there is an issue. They're escalating the issue to their dev team.
Thanks again!