AnsweredAssumed Answered

Salesforce is about to disable SSL 3.0 encryption. Does this impact Boomi processes using the SFDC connector?

Question asked by GaryBernard5601 on Nov 3, 2014
Latest reply on Nov 5, 2014 by GaryBernard5601
Greetings,

We just received notification from Salesforce that SSL 3.0 encryption is being disabled due to a security issue. Is the Boomi Salesforce connector impacted by this change? Are any changes to existing Salesforce processes going to be required as a result. I have copied the notification Email from Salesforce for refrence:
 
               
salesforcePRODUCT & SERVICE NOTIFICATION
               
 
               
 
 
 
               
                              
 
                              As an administrator of a Salesforce org that may have recently been accessed using SSL 3.0 encryption, we want to inform you of a change regarding supported encryption protocols. Over the next two months, Salesforce will be disabling SSL 3.0 encryption in a phased approach to prevent it from being used to access the Salesforce platform.
                              
                              Why is this happening?
                              At Salesforce, trust is our #1 value, and we take the protection of our customers' data very seriously. On October 15, Google researchers published details on a security vulnerability (CVE-2014-3566) that affects the Secure Socket Layer (SSL) 3.0 encryption protocol, also known as “POODLE,” which may allow a man-in-the-middle attack to extract data from secure HTTP connections. Although the vulnerability is somewhat difficult to exploit, to further protect customers, we will be disabling SSL 3.0 to fully address this issue.

                              
                              How do I know if we are ready for this change?
                              After Salesforce disables SSL 3.0 encryption, any channels connecting to Salesforce will need to use TLS 1.0 encryption or higher. There are three different channels that require encryption to access Salesforce: internet browser, API (inbound) integrations and call-out (outbound) integrations. Here is an overview of each:
                              
  • Internet Browsers: By default, all browsers supported by Salesforce have TLS 1.0 enabled. You and your users should not experience an impact accessing Salesforce in your browser(s) unless you are either using a non-supported browser or you have disabled TLS 1.0 in the browser. To quickly test your browser compatibility, you can visit https://developer.salesforce.com, which has SSL 3.0 disabled. If you are able to view the site without errors, access to Salesforce via your browser should not be impacted by this change.
                                       
                                       Internet Explorer (IE) 6, which is not officially supported by Salesforce, is capable of handling TLS 1.0 encryption, but it is not enabled by default. If you have users on IE 6 and would like assistance on how to enable TLS 1.0, please log a case via the Help & Training portal.
                                                              
  • API (inbound) Integrations: API Integrations are interfaces or applications that are separate from Salesforce, but use Salesforce data. If you have any API Integrations, please ensure TLS 1.0 encryption or greater is enabled in the integration.
                                                              
  • Call-out (outbound) Integrations: Call-outs are integrations where Salesforce refers to an outside source to either verify login credentials or pull data. Examples of call-outs include: Delegated Authentication Single-Sign-On (SSO), Outbound Messaging and Apex call outs. If you use call-out integrations, please ensure TLS 1.0 encryption or greater is enabled in the integration.
                              What action do I need to take?
                              In order for users to continue to have seamless access to your Salesforce orgs, you need to ensure their browsers and integrations have TLS 1.0 encryption or higher enabled. If your browser or integration does not have TLS 1.0 or higher enabled after we make this change, then your users will not be able to access Salesforce.
                              
                              Additionally, we recommend you disable SSL 3.0 encryption in your own IT environment as soon as possible, unless you use call-out integrations. If you use call-out integrations, and you have not already disabled SSL 3.0, we recommend that you wait until after we have disabled SSL 3.0 for outbound requests in our environment.

                              
                              When will Salesforce disable SSL 3.0 encryption?
                              Salesforce plans to disable SSL 3.0 encryption according to the following schedule:

                              
                              For Inbound Encryption Requests (Internet Browsers and API Integrations)                               
Instances SSL 3.0 Disable Schedule
All Sandbox InstancesFriday, November 7, 2014
NA17, NA19, NA20Friday, November 14, 2014
NA2, NA4, NA13, NA15, NA16, EU0, EU2, EU3Friday, November 21, 2014
NA7, NA8, NA9, NA10, NA11, NA12, NA14, EU1Friday, November 29, 2014
NA0, NA1, NA3, NA5, NA6Friday, December 5, 2014
AP0, AP1Monday, December 15, 2014
                              
                              
                              For Outbound Encryption Requests (Call-out Integrations)                               
Instances SSL 3.0 Disable Schedule
All Sandbox InstancesWednesday, December 3, 2014
All Production Instances Wednesday, December 10, 2014
                              
                              Where can I get more information?
                              You can review this Knowledge Article for more information. If you have any questions, please reach out to your Salesforce contact or log a case via the Help & Training portal.
               
 
               

Outcomes