Remote host closed connection during handshake

  • 1
  • Question
  • Updated 3 years ago
  • Answered
DISCLAIMER: Not a problem with Skuid

I am calling an Apex Remote Action which performs an HTTP callout to an external service in AWS.  Work fine in my Partner DE Org.  Pushed the code to the customer's Sandbox and ran into the error.

Has any of you hardened Skuid-ers run into this sort of problem in the past?

 After a quick google-bing, I ran across this KB:

 https://help.salesforce.com/apex/HTViewSolution?id=000214850&language=en_US

** After the Summer '15 release, Apex callouts, Workflow outbound messaging, Delegated Authentication, and other HTTPS callouts will support TLS (Transport Layer Security) 1.1, TLS 1.2, and Server Name Indication (SNI). Customers' remote endpoints will have to be configured to support this update. **

Thoughts?

Regards,

Irvin

Photo of Irvin Waldman

Irvin Waldman, Champion

  • 9,006 Points 5k badge 2x thumb
  • frustrated!

Posted 3 years ago

  • 1
Photo of J.

J., Official Rep

  • 7,470 Points 5k badge 2x thumb
Hey, Irvin. Do you control that AWS endpoint? We encountered an issue like this with a customer a while back, only the situation was reversed: the third party provider was switching off SSL v3 on the endpoint, and Salesforce had to get with the program. It is odd that one Salesforce Org would still be using SSL v3, as all instances were upgraded in June (I think) though. If you can, I'd try making a really simple callout from the Sandbox to the endpoint and see if you can even make the connection.

I don't want to send you down a wild goose chase because the issue may be something else entirely, but I can say that this does sound familiar and the solution in that instance was get everything going on TLS. The only other thing that came to mind was the review the Remote Site Settings in the two orgs to see that they match.  
Photo of Irvin Waldman

Irvin Waldman, Champion

  • 9,006 Points 5k badge 2x thumb
Hi J,

Thanks for the reply.

I have cross-checked the Remote Site settings - check.

No, I do not control the AWS endpoint.  It is a fee based service and I am just calling it within certain workflows e.g. click Skuid multiple-action button.

Thanks again,
Irvin
Photo of Irvin Waldman

Irvin Waldman, Champion

  • 9,006 Points 5k badge 2x thumb
J, I verified that the service would not work with TLS 1.1.  Now I get to fight with the vendor.  Oh joy.


Photo of Rob Hatch

Rob Hatch, Official Rep

  • 44,006 Points 20k badge 2x thumb
Joy indeed...