How to enable TLS 1.1 in SAP PI 7.4 for Salesforce communication

0 Kudos

Hi Experts,

We want to enable TLS 1.1 or higher in SAP PI 7.4 for communication with Salesforce. Please guide us on how we can enable TLS 1.1 or higher and disable SSL or TLS 1.0 in SAP PI 7.4.

Accepted Solutions (0)

Answers (2)


Eoin_Kierans
Product and Topic Expert
0 Kudos

Hello Bhavesh,

You should check the following KBAs:
2284059 - Update of SSL library within NW Java server
2344735 - PI: Salesforce error with TLS 1.0

Regards

Eoin

bhavesh_kantilal
Active Contributor
0 Kudos

Check this blog in detail - Outbound support for TLS 1.1/1.2 | SCN

Regards

Bhavesh

0 Kudos

Dear

I am using SOAP communication with Salesforce. After these settings, my channel does not ping the destination.

bhavesh_kantilal
Active Contributor
0 Kudos

Hello Ram,

What do you mean by after these settings?

Have you set up the config file and provided the max and minimum TLS versions as per the blog and the OSS note?

Regards

Bhavesh

0 Kudos

Hi Bhavesh,

Yes, we did the same, but the issue is still there.

Begin IAIK Debug:

ssl_debug(4): Starting handshake (iSaSiLk 4.5)...

ssl_debug(4): Sending v3 client_hello message to test.salesforce.com:443, requesting version 3.1...

ssl_debug(4): Received v3 server_hello handshake message.

ssl_debug(4): Server selected SSL version 3.1.

ssl_debug(4): Server created new session D1:89:B7:BE:83:89:92:2E...

ssl_debug(4): CipherSuite selected by server: TLS_RSA_WITH_AES_128_CBC_SHA

ssl_debug(4): CompressionMethod selected by server: NULL

ssl_debug(4): TLS extensions sent by the server: renegotiation_info (65281)

ssl_debug(4): Server supports secure renegotiation.

ssl_debug(4): Received certificate handshake message with server certificate.

ssl_debug(4): Server sent a 2048 bit RSA certificate, chain has 2 elements.

ssl_debug(4): ServerCertChain[0]:

ssl_debug(4):   Version: 3

ssl_debug(4):   Serial Number: 0x14e1787030cab57bb9478a32d4f4a4f4

ssl_debug(4):   Signature Algorithm: SHA256/RSA

ssl_debug(4):   Issuer:  CN=Symantec Class 3 Secure Server CA - G4

ssl_debug(4):            OU=Symantec Trust Network

ssl_debug(4):            O=Symantec Corporation

ssl_debug(4):            C=US

ssl_debug(4):   Validity:

ssl_debug(4):     Not Before: Fri Jun 05 05:30:00 IST 2015

ssl_debug(4):     Not After:  Tue Jun 05 05:29:59 IST 2018

ssl_debug(4):   Subject: CN=test.salesforce.com

ssl_debug(4):            OU=Applications

ssl_debug(4):            O=Salesforce.com\, Inc

ssl_debug(4):            L=San Francisco

ssl_debug(4):            ST=California

ssl_debug(4):            C=US

ssl_debug(4):   Public Key: RSA, 2048 bit

ssl_debug(4): ServerCertChain[1]:

ssl_debug(4):   Version: 3

ssl_debug(4):   Serial Number: 0x513fb9743870b73440418d30930699ff

ssl_debug(4):   Signature Algorithm: SHA256/RSA

ssl_debug(4):   Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G5

ssl_debug(4):            OU=(c) 2006 VeriSign\, Inc. - For authorized use only

ssl_debug(4):            OU=VeriSign Trust Network

ssl_debug(4):            O=VeriSign\, Inc.

ssl_debug(4):            C=US

ssl_debug(4):   Validity:

ssl_debug(4):     Not Before: Thu Oct 31 05:30:00 IST 2013

ssl_debug(4):     Not After:  Tue Oct 31 05:29:59 IST 2023

ssl_debug(4):   Subject: CN=Symantec Class 3 Secure Server CA - G4

ssl_debug(4):            OU=Symantec Trust Network

ssl_debug(4):            O=Symantec Corporation

ssl_debug(4):            C=US

ssl_debug(4):   Public Key: RSA, 2048 bit

ssl_debug(4): ChainVerifier: Found a trusted certificate, returning true

ssl_debug(4): Received server_hello_done handshake message.

ssl_debug(4): Sending client_key_exchange handshake...

ssl_debug(4): Sending change_cipher_spec message...

ssl_debug(4): Sending finished message...

ssl_debug(4): Received change_cipher_spec message.

ssl_debug(4): Received finished message.

ssl_debug(4): Session added to session cache.

ssl_debug(4): Handshake completed, statistics:

ssl_debug(4): Read 2836 bytes in 5 records, wrote 444 bytes in 4 records.

ssl_debug(4): Shutting down SSL layer...

ssl_debug(4): Sending alert: Alert Warning: close notify

ssl_debug(4): Read 0 bytes in 0 records, 0 bytes net, 0 average.

ssl_debug(4): Wrote 0 bytes in 0 records, 0 bytes net, 0 average.

ssl_debug(4): Closing transport...

ssl_debug(4): Closing transport...

End IAIK Debug.
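
An added example, not part of the original posts and not SAP or IAIK code: a small Python check that reads an ssl_debug trace in the format pasted above and reports which side limits the protocol version. It assumes the `requesting version` value is the client_hello version, i.e. the highest version the client offers (3.1 is TLS 1.0, 3.2 is TLS 1.1, 3.3 is TLS 1.2); `analyze`, `SAMPLE` and the host `partner.example` are names made up for the example.

```python
import re

# Wire versions as written in the handshake (major.minor).
NAMES = {"3.0": "SSLv3", "3.1": "TLS 1.0", "3.2": "TLS 1.1", "3.3": "TLS 1.2"}
HELLO = re.compile(r"client_hello message to (\S+):\d+, requesting version (\d+\.\d+)")
SELECTED = re.compile(r"Server selected SSL version (\d+\.\d+)")

def _key(version):
    return tuple(int(part) for part in version.split("."))

def analyze(trace, minimum="3.2"):
    """Return one finding per handshake in an ssl_debug trace."""
    findings = []
    for line in trace.splitlines():
        hello = HELLO.search(line)
        if hello:
            findings.append({"host": hello.group(1), "requested": hello.group(2),
                             "selected": None, "completed": False})
        elif findings:
            chosen = SELECTED.search(line)
            if chosen:
                findings[-1]["selected"] = chosen.group(1)
            elif "Handshake completed" in line:
                findings[-1]["completed"] = True
    for f in findings:
        if _key(f["requested"]) < _key(minimum):
            # The server cannot pick a version newer than the one the client
            # offered, so a low request means the client side needs the fix.
            f["verdict"] = "client offers only up to " + NAMES.get(f["requested"], f["requested"])
        elif f["selected"] and _key(f["selected"]) < _key(minimum):
            f["verdict"] = "server chose " + NAMES.get(f["selected"], f["selected"])
        else:
            f["verdict"] = "ok"
    return findings

# Constructed sample: the first handshake copies lines from the trace above,
# the second (hypothetical host) shows what a TLS 1.2 handshake would log.
SAMPLE = """\
ssl_debug(4): Sending v3 client_hello message to test.salesforce.com:443, requesting version 3.1...
ssl_debug(4): Server selected SSL version 3.1.
ssl_debug(4): Handshake completed, statistics:
ssl_debug(4): Sending v3 client_hello message to partner.example:443, requesting version 3.3...
ssl_debug(4): Server selected SSL version 3.3.
ssl_debug(4): Handshake completed, statistics:
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding["host"], finding["requested"], finding["selected"], finding["verdict"])
```

A completed handshake only shows that the two sides agreed on some version; the verdict separates a client that never offered TLS 1.1 from a server that chose a lower version than it was offered.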

bhavesh_kantilal
Active Contributor
0 Kudos

The XPI Inspector logs show that the connection is successful and the handshake is successful. Is this correct?

What is the receiver adapter type you are using to connect / ping SalesForce that is failing? Have you checked the comments section of the blog that talks about how certain adapters are not using the IAIK SSL library and the parameter tweaks required? Do read through the entire comments section; it has a lot of additional know-how available there.

Also as this is a Salesforce URL, if this is a public URL, can you share the URL? I can then try this on my end!

Regards

Bhavesh

0 Kudos

Hi Bhavesh,

We are using the SOAP adapter. The channel is pinging, but Salesforce has actually upgraded to TLS 1.1 from SSLv3.

So we are getting the error TLS 1.0 disabled, we need to enable TLS 1.1 or higher in the fault string after a successful ping.

URL is not public.