Critical update: Salesforce Upgrade to TLS 1.2

Owned by Terry Humphris
Last updated: Nov 02, 2021 by Karl Tompson
2 min read

Salesforce have disabled support for TLS versions older than 1.2

This will have a critical impact on the usability of the FuseIT SFDC Explorer (and other systems connecting to the Salesforce APIs).

TLS 1.2 is supported by Salesforce but earlier versions of the FuseIT SFDC Explorer were built on .NET Frameworks that do not support TLS 1.2 and therefore may not connect with Salesforce.

Solution

Please download the latest version of the FuseIT SFDC Explorer. Versions 3.14 onwards use the .NET 4.7.2 framework that has native support for TLS 1.1 and 1.2. If required, you can download the Microsoft .NET Framework 4.7.2.

Required TLS Config

 Note, the securityProtocols element must appear in the FuseIT.SFDC.Explorer.exe.config file to enable TLS 1.2 support. This might not be present if you are upgrading in place and an existing configuration file is in place.

<configSections>
    <!-- ... -->
    <section name="FuseIT.G4S.SalesforceConnector" type="FuseIT.G4S.SalesforceConnector.SalesforceSettingsSection, FuseIT.G4S.SalesforceConnector" />
    <!-- ... -->
</configSections>

<!-- ... -->

<FuseIT.Sitecore.SalesforceConnector>
    <!-- 
      timeOutMilliseconds: Indicates the time an XML Web service client waits for a synchronous XML Web service request to complete (in milliseconds).      
      clientId: Partner application API token (Case sensitive). Required to work with Professional Edition orgs.      
      uploadBatchSize: The maximum number of records that can be sent to Salesforce in an upload operation. This limit is defined by Salesforce.
    -->
    <binding timeOutMilliseconds="100000" clientId="" uploadBatchSize="200" />
    <!-- Config to explicitly set the System.Net.ServicePointManager.SecurityProtocol -->
    <securityProtocols>
      <securityProtocol securityProtocolType="Tls" />
      <securityProtocol securityProtocolType="Tls11" />
      <securityProtocol securityProtocolType="Tls12" />
    </securityProtocols>
    <!-- Speedup Keyprefix lookups for known values -->
    <keyPrefixes>
      <add key="Lead" value="00Q"/>
      <add key="Contact" value="003"/>
      <add key="User" value="005"/>
      <add key="Organization" value="00D"/>
    </keyPrefixes>
</FuseIT.Sitecore.SalesforceConnector>

Operating System support

If you are still receiving the error "Could not create SSL/TLS secure channel" and you are on Windows 7, Windows Server 2008 or 2012, this article may help to add TLS 1.2 support.