Starting today, Salesforce will be disabling SSL 3.0 to increase security and protect against a POODLE attack.



Here are the 3 things you need to do to make sure you don’t have any disruptions in service:

  1. Make sure you’re using an updated browser, which includes:
    • Internet Explorer 7 or higher
    • most recent version of Firefox
    • most recent version of Chrome
    • Safari versions 5 or higher

    Note: You can check quickly whether or not your browser is working by navigating to Twitter.  Twitter has disabled SSL 3.0.  If you don’t receive error messages, your browser is ready for the change from Salesforce.

  2. Check your Remote Site Salesforce API integrations:

    To find a list of your inbound Salesforce API integrations, log in to Salesforce, click on your name in the upper right-hand corner and click Setup (or click Setup in the upper right-hand corner if listed separately).  In the Setup Search box, type “Remote Site Settings” and click on the link under Security Controls.  This will take you to a list of all web addresses Salesforce can use for your organization.

    Each of these needs to have TLS 1.0 or higher enabled in order for the integration to continue working.  To check, you can use Qualys SSL Labs and search each of the Remote Site URLs. It will take a few minutes to run for each site. Once complete, scroll to Configuration and ensure that TLS 1.0 or above has “Yes” next to it.

    Here is a list of Apps that Collabrax has already verified, so you should not need to test (please add those you test in the comments below to help other users!):

  3. Check your Outbound Salesforce Callout integrations:

    If your organization uses Single Sign-On, you’ll need to verify the identity provider has TLS 1.0 or higher enabled.  In addition, if you have workflows that send outbound messages (not e-mails) to outside web services – these services should be checked for TLS 1.0+.
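If you have a long list of Remote Site URLs, identity providers or outbound message endpoints, a script can do a first pass before you run the slower SSL Labs scan on anything that fails. The following is an added example, not part of the original post and not a Salesforce or Qualys tool; the function names are made up for illustration, and the URLs to check are whatever you pass on the command line.

```python
import socket
import ssl
import sys
import warnings
from urllib.parse import urlsplit


def endpoint(url):
    """Return (host, port) for a Remote Site URL; bare hostnames are accepted."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("not an HTTPS endpoint: %r" % url)
    return parts.hostname, parts.port or 443


def negotiated_tls(host, port, timeout=5.0):
    """Handshake with SSL 3.0 excluded; return (version, None) or (None, error)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # this client never offers SSL 3.0
    with warnings.catch_warnings():
        # Newer Python versions warn that TLS 1.0 is deprecated; the floor is
        # set to TLS 1.0 on purpose. The local OpenSSL policy may still refuse
        # TLS 1.0/1.1, in which case such a server shows up as a failure.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    # Only protocol support is tested here, so certificate checks are switched off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version(), None      # e.g. "TLSv1.2"
    except OSError as exc:                      # refused, timed out, handshake failed
        return None, "%s: %s" % (type(exc).__name__, exc)


def check(urls):
    """Map each URL to (negotiated version, error message)."""
    results = {}
    for url in urls:
        try:
            results[url] = negotiated_tls(*endpoint(url))
        except ValueError as exc:               # not HTTPS, or malformed port
            results[url] = (None, str(exc))
    return results


if __name__ == "__main__":
    for url, (version, error) in check(sys.argv[1:]).items():
        print("%-50s %s" % (url, version or "FAILED (" + error + ")"))
```

Any endpoint that reports a TLS version will keep working once SSL 3.0 is turned off; an endpoint that fails needs a closer look, since the cause may be the protocol, the network, or your local OpenSSL settings.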