Apex Code Development You need to sign in to do that
Don't have an account?
deepak_naik Received fatal alert: handshake_failure connecting to tls1test.salesforce.com
Reagrding the topic "Salesforce disabling TLS 1.0" as mentioned in the link "https://help.salesforce.com/apex/HTViewSolution?id=000221207&language=en_US"
Which is the forum where I can post questions pertiaining to the above link
I am testing the API compatability Tests "How do I test the compatibility of an API (inbound) integration to Salesforce?"
When I run the test I see the following "Handshake Error " error
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.jsse2.j.a(j.java:4)
at com.ibm.jsse2.j.a(j.java:31)
at com.ibm.jsse2.qc.b(qc.java:624)
Is that my applicaton no compatabile, but I see that we are using TLSv1 which is supposed to eb supported
Regds,
Deepak
Which is the forum where I can post questions pertiaining to the above link
I am testing the API compatability Tests "How do I test the compatibility of an API (inbound) integration to Salesforce?"
When I run the test I see the following "Handshake Error " error
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.jsse2.j.a(j.java:4)
at com.ibm.jsse2.j.a(j.java:31)
at com.ibm.jsse2.qc.b(qc.java:624)
Is that my applicaton no compatabile, but I see that we are using TLSv1 which is supposed to eb supported
Regds,
Deepak
All Answers
But in my environment , even the curl test with TLS 1.1 fails
[dsadm@manyatak209 ConnectionTest115]$ curl -v -tlsv1.1 https://tls1test.salesforce.com
* About to connect() to tls1test.salesforce.com port 443 (#0)
* Trying 136.146.46.118... connected
* Connected to tls1test.salesforce.com (136.146.46.118) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -12286
* Error in TLS handshake, trying SSLv3...
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: tls1test.salesforce.com
> Accept: */*
>
* Connection died, retrying a fresh connect
* Closing connection #0
* Issue another request to this URL: 'https://tls1test.salesforce.com'
* About to connect() to tls1test.salesforce.com port 443 (#0)
* Trying 136.146.46.118... connected
* Connected to tls1test.salesforce.com (136.146.46.118) port 443 (#0)
* TLS disabled due to previous handshake failure
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -12286
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error
I am using IBM Java as follows, is this related
[dsadm@manyatak209 ConnectionTest115]$ java -version
java version "1.7.0"
Java(TM) SE Runtime Environment (build pxa6470_27sr1-20140411_01(SR1))
IBM J9 VM (build 2.7, JRE 1.7.0 Linux amd64-64 Compressed References 20140410_195893 (JIT enabled, AOT enabled)
J9VM - R27_Java727_SR1_20140410_1931_B195893
JIT - tr.r13.java_20140410_61421
GC - R27_Java727_SR1_20140410_1931_B195893_CMPRSS
J9CL - 20140410_195893)
JCL - 20140409_01 based on Oracle 7u55-b13
Apologies for the delayed reply. I could not upgrade the curl version on that system as it was a shared system. But I tried the test in a different system (my original test) and I get the error as
"(411)Length Required" as mentioned below
[dsadm@hydqatemp2 ConnectionTest91]$ qZ
bash: qZ: command not found
[dsadm@hydqatemp2 ConnectionTest91]$ ./SFConnectionTest
on
CLASSPATH=/opt/IBM/InformationServer/ASBNode/lib/java/salesforce/salesforce15.jar:/opt/IBM/InformationServer/ASBNode/lib/java/ccapi.jar:/opt/IBM/InformationServer/ASBNode/eclipse/plugins/com.ibm.isf.client/com.ibm.ws.security.crypto.jar:/opt/IBM/InformationServer/ASBNode/eclipse/plugins/com.ibm.isf.client/com.ibm.ws.ejb.thinclient_7.0.0.jar:./salesforceUnitTest.jar
*************************************************
Connect to salesforce using the following data:
URL: https://tls1test.salesforce.com/services/Soap/u/32.0
User Name: deepnaik@ibm.com
AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (411)Length Required
faultActor:
faultNode:
faultDetail:
{}:return code: 411
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
Now this test is as per the link "https://help.salesforce.com/apex/HTViewSolution?id=000221207&language=en_US", where I have done "compatibility of an API (inbound) integration to Salesforce?" test by connecting to "https://tls1test.salesforce.com/services/Soap/u/32.0"
As we are not getting the hanhshake-error as before, does this mean that our application is compatibale with either TLS 1.1 or TLS 1.2
Regds,
Deepak
Hi
Thanks a lot for your confirmation
Regds,
Deepak
My Current Code to test : 'https://tls1test.salesforce.com/services/oauth2/token';
$this->salesForceUrl = 'https://tls1test.salesforce.com/services/oauth2/token';
$post_params = 'grant_type=password&client_id=' . $this->salesForceClientKey . '&client_secret=' . $this->salesForceClientSecret . '&username=' . $this->salesForceUsername . '&password=' .$this->salesForcePassword . $this->salesForceSecurityToken;
//Call sales force login method
$ch = curl_init($this->salesForceUrl);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_params);
$res = curl_exec($ch);
print_r($res);
$jd = json_decode($res);
echo 'curl_errno is : '.curl_errno($curl);
print_r($jd);
print_r(curl_getinfo($ch));
curl_close($ch);
if(isset($jd)){ //Check the response
echo "\n" . date("D M d h:i:s Y") . ": logged in to: " . $this->salesForceUrl;
return true;
}else{
echo "\n" . date("D M d h:i:s Y") . ": Error trying login to: " . $this->salesForceUrl;
return false;
}
OUTPUT is : SSL Connect error : 35 & http_code i am getting 0(zero).
After that i have added one line in the curl code : curl_setopt($curl, CURLOPT_SSLVERSION, 6);
$this->salesForceUrl = 'https://tls1test.salesforce.com/services/oauth2/token';
$post_params = 'grant_type=password&client_id=' . $this->salesForceClientKey . '&client_secret=' . $this->salesForceClientSecret . '&username=' . $this->salesForceUsername . '&password=' .$this->salesForcePassword . $this->salesForceSecurityToken;
//Call sales force login method
$ch = curl_init($this->salesForceUrl);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSLVERSION, 6);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_params);
$res = curl_exec($ch);
print_r($res);
$jd = json_decode($res);
echo 'curl_errno is : '.curl_errno($curl);
print_r($jd);
print_r(curl_getinfo($ch));
curl_close($ch);
if(isset($jd)){ //Check the response
echo "\n" . date("D M d h:i:s Y") . ": logged in to: " . $this->salesForceUrl;
return true;
}else{
echo "\n" . date("D M d h:i:s Y") . ": Error trying login to: " . $this->salesForceUrl;
return false;
}
As per the link if i am getting 400 Bad Request , it means my TLS connection is passed.
But as per my finding for TLS 1.2, i need to upgarde curl version atleast 7.34.0.
In the above test code i am getting 400 Bad request without upgrading curl version, Please let me know do i still need to upgrade curl version or it is not required, when Salesforce deactivates TLS 1.0