Recently, Salesforce announced that it would be disabling SSL (Secure Socket Layer) 3.0 due to a security vulnerability published by Google’s researchers. This is likely not something that will affect your Salesforce instance significantly, but we wanted to keep everyone up to date on the changes. Before we go any further, here is the statement from Salesforce about why this disabling is occurring:
“At Salesforce, trust is our #1 value, and we take the protection of our customers’ data very seriously. On October 15, Google researchers published details on a security vulnerability (CVE-2014-3566) that affects the Secure Socket Layer (SSL) 3.0 encryption protocol, also known as “POODLE,” which may allow a man-in-the-middle attack to extract data from secure HTTP connections. Although the vulnerability is somewhat difficult to exploit, to further protect customers, we will be disabling SSL 3.0 to fully address this issue.”
Here’s what this change means: Once Salesforce disables SSL 3.0 encryption, all channels which connect to Salesforce will need to use TLS 1.0 Encryption (or higher). There are three channels that connect to Salesforce via encryption:
Recent Comments