Enable TLS 1.2 for Authorize.Net and Salesforce API calls

by: Shailesh Patel in: General tags: ASP.NET MVC, SalesForce,

Introduction

This tutorial explains how to enable TLS 1.2 for Authorize.Net and Salesforce API calls. Authorize.Net and Salesforce have been preparing for using TLS 1.1 or higher since past few months. Both of them have changed their developer or sandbox accounts to use TLS 1.1 or higher or TLS 1.2. Authorize.Net plans to switch production to TLS 1.2 by Sept 18, 2017 (refer this link) and Salesforce is planning to switch to TLS 1.1 or higher by July 22, 2017 (refer this link).

Why You Need TLS 1.2?

If you are using developer sandbox account for Authorize.Net then you may have noticed following exception message - “An unexpected error occurred on a send” with inner exception as “Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.”

To solve this issue there are 2 options as mentioned in this Salesforce knowledge article:

Option 1

Add following C# line:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

 

before “var authRequest = new AuthorizeNet.AuthorizationRequest...”.

Option 2

Instead of changing the source code and deploying the build, you try this option which requires adding a registry value on your development / test / production server.

Add a new DWORD “SchUseStrongCrypto” with value “1” for following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319

 

and

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319

 

Note: The above changes are applicable only if your application is using .NET 4.5 or .NET 4.5.2. AuctionWorx uses .NET 4.5.2 and hence this solution is best suited for it.

Useful Links

One of the major reason for switching to TLS 1.2 is PCI compliance too. For PCI compliance, we came across few articles which helps us to configure server for compliance.

IIS Crypto from Nartac Software

TLS / SSL Settings from Microsoft TechNet (registry subkey to disable TLS 1.0)

Disabling TLS 1.0 on your Windows 2008 R2 server from MSDN Blogs