Print this page

Preparing mobile apps for TLS 1.0 deprecation

Knowledge Article Number 000231452
Description

In early 2016, Salesforce will disable TLS 1.0 and will begin using TLS 1.1/1.2 exclusively. This change is slated to occur sometime in the February to April 2016 timeframe. Details for this change are publicly available in the following knowledge article:

Salesforce disabling TLS 1.0

This change will affect existing users of applications built on certain versions of Mobile SDK. To avoid loss of functionality in your app, apply the following mandatory changes to your app as soon as possible.

After TLS 1.0 is disabled on a Salesforce instance, apps that are not compliant with TLS 1.1 or 1.2 will not be able to connect to that Salesforce instance.

Resolution

iOS

The iOS platform (version 5.0 or later) supports TLS 1.1/1.2 out of the box. No changes are required for Mobile SDK apps built with iOS 5.0 or later. Older apps must upgrade to a supported iOS version.

Android

Unfortunately, some work might be required to ensure that your Android applications don’t break when TLS 1.0 is disabled on a Salesforce instance. We have a fix that enforces TLS 1.1/1.2 on Mobile SDK Android applications:https://github.com/forcedotcom/SalesforceMobileSDK-Android/pull/981. The fix is currently in our ‘unstable’ branch. It will be included in our upcoming Mobile SDK 4.0 release (expected in November/December 2015).

Android Versions Affected

  • Earlier than KitKat (4.4) – Android versions older than KitKat (4.4) don’t support TLS 1.1/1.2 and therefore are no longer supported. Existing applications that target these platforms will stop working when TLS 1.0 is disabled.
  • KitKat (4.4) – Applications targeting KitKat will work with the fix mentioned above (https://github.com/forcedotcom/SalesforceMobileSDK-Android/pull/981). Be sure to apply the fix to your application and publish the fixed version to the Google Play Store before Salesforce begins to disable TLS 1.0. See Applying the Mobile SDK Fix on Android 4.4 (KitKat) for instructions on implementing the patch.
  • Lollipop (5.0) or later –  Lollipop and above use TLS 1.1/1.2 by default and don’t require the Mobile SDK fix mentioned above. Existing applications that target these platforms will continue to work without changes.

Applying the Mobile SDK Fix on Android 4.4 (KitKat)

As an application developer, use one of the following options to ensure that your users on KitKat aren’t affected by the change in April.

  1. Upgrade to Mobile SDK 4.0 as soon as it’s published, and release a new version of your application before April 2016.
    OR
  2. Cherry-pick the pull request mentioned above (https://github.com/forcedotcom/SalesforceMobileSDK-Android/pull/981), and apply it to your local version of Mobile SDK. Release a new version of your application before April 2016.

Source:
https://rwhitleysfdc.wordpress.com/author/rwhitleysfdc/




promote demote