Supported TLS Versions for Government Cloud
|Knowledge Article Number||000229896|
|Description||The inbound and outbound connections for the Government Cloud are different than the standard commercial instance to meet specific security requirements. So integrations which may have worked on Non-Govt Cloud instances may need to be modified it's encryption to meet these requirements.
For outbound connections to the Govt Cloud, we support TLSv1.2 using the following encryption options:
AES128-SHA cipher is supported
SSL_RSA_WITH_RC4_128_SHA **see Note 2 below
SSL_RSA_WITH_3DES_EDE_CBC_SHA **see Note 2 below
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA **see Note 2 below
Note 1: RC4 cipher is NOT supported
Note 2: There are 3 options listed above that are shared between SSL and TLS (that is, they were introduced prior to TLS's existence and continue to be supported in TLS). Cipher suites that were introduced after the creation of the TLS standard start with TLS_. These 3 ciphers are still named SSL_<stuff> even when used with TLS
When connecting to the Govt Cloud, some third-party integrations may produce an SSL version error, such as the one below that was produced by Informatica:
Login failed: Error code: [SOAP-ENV:Client] Reason: [SSL_ERROR_SSL error:1408F10B:SSL routines:SSL3_GET_RECORD: wrong version number]
Please be sure that the integration is set to use an acceptable instance-specific or My Domain URL as described here.
The Govt Cloud infrastructure also requires TLS 1 or greater (depending on cipher used - see list below); no version of SSL (e.g. SSL3) is supported. Any integration or other API tool that attempts to connect to Govt Cloud instance with SSL will fail and will need to be configured to use TLS instead.
For inbound connections to the Govt Cloud, we support TLSv1, TLSv1.1 and TLSv1.2 using the following encryption options:
AES256-SHA256 (TLSv1.2 only)
AES128-SHA256 (TLSv1.2 only)
DES-CBC3-SHA (aka 3DES)