Callouts from Government Cloud to public endpoint fail with handshake error as AES256 Cipher is not enabled in the Government Cloud
Last updated 2021-01-14 · Reference W-4439321 · Reported By 2 users
Callouts to public endpoint requiring AES256 cipher fail with handshake error only in Government Cloud. The same callout to a public endpoint from a Salesforce Organization not in the Government Cloud returns a successful response.
1. Confirm <endpoint> is added to Remote Site Settings in Salesforce
2. Go to the Developer Console and execute similar Anonymous Apex code specifying the endpoint at issue:
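Http h = new Http();
HttpRequest req = new HttpRequest();
req.setEndpoint('<endpoint>');  // the endpoint at issue, as added to Remote Site Settings
req.setMethod('GET');           // assumed method; use whichever the endpoint expects
HttpResponse res = h.send(req); // the TLS handshake with the endpoint happens here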
Expected result: Callout executes and returns a good response.
Actual result: Error: "Server sent fatal alert: handshake_failure"
The same Anonymous Apex, executed from a non-Government Cloud Salesforce Organization against an endpoint requiring the AES256 cipher, is successful.
Note: This known issue only impacts CS32, CS33, and NA21 instances.
Workaround: Enable the AES128 cipher on the public endpoint. The AES256 cipher is not currently supported in the Government Cloud.
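One way to confirm from outside Salesforce that the endpoint now completes a handshake with a client that offers only AES128 suites, as an added example that is not part of the original known-issue article. The function names and the host `api.example.com` are hypothetical, and TLS 1.2 is forced as an assumption because the OpenSSL `-cipher` list does not govern TLS 1.3 suites.

```shell
#!/bin/sh
# Added example (not Salesforce code): check whether an endpoint you operate
# negotiates an AES128 suite when the client offers nothing else.

# Read `openssl s_client` output on stdin and print the negotiated suite,
# or "(NONE)" when the handshake ended without agreeing on one.
negotiated_cipher() {
  sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1
}

# Classify a suite name as aes128, aes256, none or other.
classify_cipher() {
  case "$1" in
    ""|"(NONE)") echo none ;;
    *AES128*|*AES_128*) echo aes128 ;;
    *AES256*|*AES_256*) echo aes256 ;;
    *) echo other ;;
  esac
}

# probe_endpoint HOST [PORT] [CIPHERLIST]
# Offers only CIPHERLIST (default: AES128) over TLS 1.2 and reports the outcome.
probe_endpoint() {
  host=$1; port=${2:-443}; list=${3:-AES128}
  out=$(openssl s_client -connect "$host:$port" -servername "$host" \
        -tls1_2 -cipher "$list" </dev/null 2>/dev/null) || true
  classify_cipher "$(printf '%s\n' "$out" | negotiated_cipher)"
}

# Succeeds only if the endpoint accepted an AES128 suite.
# Usage: aes128_ready api.example.com   (hypothetical host)
aes128_ready() {
  [ "$(probe_endpoint "$1" "${2:-443}" AES128)" = aes128 ]
}
```

A result of `none` from `probe_endpoint` with the `AES128` list means the endpoint rejected every AES128 suite, which is the condition that produces the handshake failure described above.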
Supported TLS Versions for Government Cloud