Salesforce Sandbox API choice doesn't work any mor...

Report Inappropriate Content · 08-17-2016 01:03 PM

I subscribed as a developer to apigee. I cannot test my Salesforce sandbox instance.

Please allow TLS 1.1 in the console or let me know how to change the configuration.

Based on this excerpt from this page: https://help.salesforce.com/apex/HTViewSolution?id=000221207

June 25, 2016, at 9:30 AM PDT (16:30 UTC)

After this date and time, all sandbox orgs -- whether existing, refreshed, or new -- will have TLS 1.0 automatically disabled and will require TLS 1.1 or later in HTTPS connections to or from the sandbox org. The "Require TLS 1.1 or higher for HTTPS connections" CRUC setting will not be available.

So when trying this API rest call in the console:

https://myinstance.salesforce.com/services/data/v24.0/query?q=SELECT+name+from+Contact

I am getting this request:

HTTP/1.1 400 Bad Request

Transfer-Encoding:: chunked
Date:: Wed, 17 Aug 2016 19:29:34 GMT
Expires:: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie:: BrowserId=Trs26pFsQ36RYNEHiQ8USA;Path=/;Domain=.salesforce.com;Expires=Sun, 16-Oct-2016 19:29:34 GMT
Connection:: keep-alive
Content-Type:: application/json;charset=UTF-8
Server:: Apigee Router

<code>[
  {
    "message": "TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https.",
    "errorCode": "UNSUPPORTED_CLIENT"
  }
]

jparagon

Looks like there are some changes that need to happen here for console.

HTTP/1.1 200 OK
Strict-Transport-Security:max-age=631138519; includeSubdomains; preloadAccess-Control-Allow-Origin:*Date:Thu, 18 Aug 2016 03:41:20 GMTContent-Length:1781Connection:keep-aliveContent-Type:application/jsonServer:Apigee Router
{
  "given_cipher_suites": [
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
    "TLS_ECDH_RSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
  ],
  "ephemeral_keys_supported": true,
  "session_ticket_supported": false,
  "tls_compression_supported": false,
  "unknown_cipher_suite_supported": false,
  "beast_vuln": true,
  "able_to_detect_n_minus_one_splitting": true,
  "insecure_cipher_suites": {
    "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA": [
      "uses RC4 which has insecure biases in its output"
    ],
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA": [
      "uses RC4 which has insecure biases in its output"
    ],
    "TLS_ECDH_ECDSA_WITH_RC4_128_SHA": [
      "uses RC4 which has insecure biases in its output"
    ],
    "TLS_ECDH_RSA_WITH_RC4_128_SHA": [
      "uses RC4 which has insecure biases in its output"
    ],
    "TLS_RSA_WITH_RC4_128_MD5": [
      "uses RC4 which has insecure biases in its output"
    ],
    "TLS_RSA_WITH_RC4_128_SHA": [
      "uses RC4 which has insecure biases in its output"
    ]
  },
  "tls_version": "TLS 1.0",
  "rating": "Bad"
}

Salesforce Sandbox API choice doesn't work any more because TLS 1.0 is not supported since June 25, 2016