As per current salesforce update , 3DES cipher suite support for inbound TLS connections will be disabled, how will it impact existing prod orgs?

Clash Royale CLAN TAG#URR8PPP

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;

up vote
1
down vote

favorite

We have third party integrations in our orgs. So , need to know the impact of the same.

integration critical-update

share|improve this question

asked 4 hours ago

Rohit C

838

add a comment | 

up vote
1
down vote

favorite

We have third party integrations in our orgs. So , need to know the impact of the same.

integration critical-update

share|improve this question

asked 4 hours ago

Rohit C

838

add a comment | 

up vote
1
down vote

favorite

up vote
1
down vote

favorite

We have third party integrations in our orgs. So , need to know the impact of the same.

integration critical-update

share|improve this question

asked 4 hours ago

Rohit C

838

We have third party integrations in our orgs. So , need to know the impact of the same.

integration critical-update

integration critical-update

share|improve this question

asked 4 hours ago

Rohit C

838

share|improve this question

asked 4 hours ago

Rohit C

838

share|improve this question

share|improve this question

asked 4 hours ago

Rohit C

838

asked 4 hours ago

Rohit C

838

asked 4 hours ago

Rohit C

838

838

add a comment | 

add a comment | 

1 Answer
1

active

oldest

votes

up vote
2
down vote



accepted

It depends on the integrations. 3DES is only one of several cipher suites that are used. During the TLS handshake, the client and server choose the most secure cipher that they have in common and use that. If 3DES is the only supported cipher, then connections will fail. Otherwise, there won't be any effect, as the connection will simply choose another available cipher. The large majority of TLS-enabled software won't be affected, but if the server was specifically configured to not support AES, then it may fail. I would imagine that most servers running today should already support it without any additional configuration, but this should be reviewed carefully by the IT department as soon as practical.

share|improve this answer

answered 4 hours ago

sfdcfox

231k10178394

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Actually , i'am new to salesforce integrations. So , as i understand your answer we need to check whether other cipher suites are supported by servers which connect to salesforce ? And can we handle it from salesforce side while sending/ receiving data?
  – Rohit C
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @RohitC cipher options are chosen automatically from the Salesforce side. You must configure the other software, if necessary, to choose cipher support. There's nothing you can do in Apex code to influence the result. You can catch a CalloutException if you want to handle the error, but you can't fix it in Salesforce.
  – sfdcfox
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Ok, Thank you @sfdcfox.
  – Rohit C
  3 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "459"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f234891%2fas-per-current-salesforce-update-3des-cipher-suite-support-for-inbound-tls-con%23new-answer', 'question_page');

);

Post as a guest

Name Email

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
2
down vote



accepted

It depends on the integrations. 3DES is only one of several cipher suites that are used. During the TLS handshake, the client and server choose the most secure cipher that they have in common and use that. If 3DES is the only supported cipher, then connections will fail. Otherwise, there won't be any effect, as the connection will simply choose another available cipher. The large majority of TLS-enabled software won't be affected, but if the server was specifically configured to not support AES, then it may fail. I would imagine that most servers running today should already support it without any additional configuration, but this should be reviewed carefully by the IT department as soon as practical.

share|improve this answer

answered 4 hours ago

sfdcfox

231k10178394

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Actually , i'am new to salesforce integrations. So , as i understand your answer we need to check whether other cipher suites are supported by servers which connect to salesforce ? And can we handle it from salesforce side while sending/ receiving data?
  – Rohit C
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @RohitC cipher options are chosen automatically from the Salesforce side. You must configure the other software, if necessary, to choose cipher support. There's nothing you can do in Apex code to influence the result. You can catch a CalloutException if you want to handle the error, but you can't fix it in Salesforce.
  – sfdcfox
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Ok, Thank you @sfdcfox.
  – Rohit C
  3 hours ago
  

  
  
  
  

add a comment | 

up vote
2
down vote



accepted

It depends on the integrations. 3DES is only one of several cipher suites that are used. During the TLS handshake, the client and server choose the most secure cipher that they have in common and use that. If 3DES is the only supported cipher, then connections will fail. Otherwise, there won't be any effect, as the connection will simply choose another available cipher. The large majority of TLS-enabled software won't be affected, but if the server was specifically configured to not support AES, then it may fail. I would imagine that most servers running today should already support it without any additional configuration, but this should be reviewed carefully by the IT department as soon as practical.

share|improve this answer

answered 4 hours ago

sfdcfox

231k10178394

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Actually , i'am new to salesforce integrations. So , as i understand your answer we need to check whether other cipher suites are supported by servers which connect to salesforce ? And can we handle it from salesforce side while sending/ receiving data?
  – Rohit C
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @RohitC cipher options are chosen automatically from the Salesforce side. You must configure the other software, if necessary, to choose cipher support. There's nothing you can do in Apex code to influence the result. You can catch a CalloutException if you want to handle the error, but you can't fix it in Salesforce.
  – sfdcfox
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Ok, Thank you @sfdcfox.
  – Rohit C
  3 hours ago
  

  
  
  
  

add a comment | 

up vote
2
down vote



accepted

up vote
2
down vote



accepted

It depends on the integrations. 3DES is only one of several cipher suites that are used. During the TLS handshake, the client and server choose the most secure cipher that they have in common and use that. If 3DES is the only supported cipher, then connections will fail. Otherwise, there won't be any effect, as the connection will simply choose another available cipher. The large majority of TLS-enabled software won't be affected, but if the server was specifically configured to not support AES, then it may fail. I would imagine that most servers running today should already support it without any additional configuration, but this should be reviewed carefully by the IT department as soon as practical.

share|improve this answer

answered 4 hours ago

sfdcfox

231k10178394

It depends on the integrations. 3DES is only one of several cipher suites that are used. During the TLS handshake, the client and server choose the most secure cipher that they have in common and use that. If 3DES is the only supported cipher, then connections will fail. Otherwise, there won't be any effect, as the connection will simply choose another available cipher. The large majority of TLS-enabled software won't be affected, but if the server was specifically configured to not support AES, then it may fail. I would imagine that most servers running today should already support it without any additional configuration, but this should be reviewed carefully by the IT department as soon as practical.

share|improve this answer

answered 4 hours ago

sfdcfox

231k10178394

share|improve this answer

share|improve this answer

answered 4 hours ago

sfdcfox

231k10178394

answered 4 hours ago

sfdcfox

231k10178394

answered 4 hours ago

sfdcfox

231k10178394

231k10178394

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Actually , i'am new to salesforce integrations. So , as i understand your answer we need to check whether other cipher suites are supported by servers which connect to salesforce ? And can we handle it from salesforce side while sending/ receiving data?
  – Rohit C
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @RohitC cipher options are chosen automatically from the Salesforce side. You must configure the other software, if necessary, to choose cipher support. There's nothing you can do in Apex code to influence the result. You can catch a CalloutException if you want to handle the error, but you can't fix it in Salesforce.
  – sfdcfox
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Ok, Thank you @sfdcfox.
  – Rohit C
  3 hours ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Actually , i'am new to salesforce integrations. So , as i understand your answer we need to check whether other cipher suites are supported by servers which connect to salesforce ? And can we handle it from salesforce side while sending/ receiving data?
  – Rohit C
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @RohitC cipher options are chosen automatically from the Salesforce side. You must configure the other software, if necessary, to choose cipher support. There's nothing you can do in Apex code to influence the result. You can catch a CalloutException if you want to handle the error, but you can't fix it in Salesforce.
  – sfdcfox
  4 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Ok, Thank you @sfdcfox.
  – Rohit C
  3 hours ago
  

  
  
  
  

1

1

Actually , i'am new to salesforce integrations. So , as i understand your answer we need to check whether other cipher suites are supported by servers which connect to salesforce ? And can we handle it from salesforce side while sending/ receiving data?
– Rohit C
4 hours ago

Actually , i'am new to salesforce integrations. So , as i understand your answer we need to check whether other cipher suites are supported by servers which connect to salesforce ? And can we handle it from salesforce side while sending/ receiving data?
– Rohit C
4 hours ago

1

1

@RohitC cipher options are chosen automatically from the Salesforce side. You must configure the other software, if necessary, to choose cipher support. There's nothing you can do in Apex code to influence the result. You can catch a CalloutException if you want to handle the error, but you can't fix it in Salesforce.
– sfdcfox
4 hours ago

@RohitC cipher options are chosen automatically from the Salesforce side. You must configure the other software, if necessary, to choose cipher support. There's nothing you can do in Apex code to influence the result. You can catch a CalloutException if you want to handle the error, but you can't fix it in Salesforce.
– sfdcfox
4 hours ago

Ok, Thank you @sfdcfox.
– Rohit C
3 hours ago

Ok, Thank you @sfdcfox.
– Rohit C
3 hours ago

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsalesforce.stackexchange.com%2fquestions%2f234891%2fas-per-current-salesforce-update-3des-cipher-suite-support-for-inbound-tls-con%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email