SAP Knowledge Base Article - Public

2261638 - Error: 'TLS 1.0 has been disabled in this organization', when refreshing a report based off Salesforce.com in Crystal Reports

Symptom

  • Failure to log in to Salesforce.com from Crystal Reports.
  • Unable to refresh a report based on Salesforce.com in Crystal Reports and in BI LaunchPad.
  • All reports created in Crystal Reports off Salesforce.com are now failing, but all reports were refreshing successfully before.
  • Error: Logon failed. SSLHandshakeException: Received fatal alert: handshake_failure, when refreshing a report based on Salesforce.com in Crystal Reports.
  • When attempting to create or refresh a report based on Salesforce.com in Crystal Reports, it fails with the error:
       
    "Database Connector Error: 'HY000:UNSUPPORTED_CLIENT: TLS 1.0 has been disabled in this organization. Please use TLS 1.1 or higher when connecting to Salesforce using https"

Environment

  • SAP Crystal Reports 2008
  • SAP Crystal Reports 2011
  • SAP Crystal Reports 2013
  • SAP Crystal Reports 2016
         
  • Salesforce.com

Reproducing the Issue

  1. In Crystal Reports, open a report based on Salesforce.com
  2. Refresh the report.
  3. After entering the Salesforce.com user credentials, it fails with an error like:
           
    "Logon failed. SSLHandshakeException: Received fatal alert: handshake_failure"

Cause

  • The connection to Salesforce.com fails because Crystal Reports uses TLS 1.0 encryption to communicate with Salesforce.com, but Salesforce started disabling TLS 1.0 for security reasons in 2016 and will completely drop support on July 22, 2017. After that date, any external application must use TLS 1.1 or higher to connect to Salesforce.com.
         
  • For reference, see the Salesforce Knowledge Article 000221207
         
  • This situation has been tracked under SAP Note 2256383

Resolution

  • Crystal Reports TLS encryption was updated from using TLS 1.0 to using TLS 1.2 in the following product updates:
            
    • Crystal Reports 2008
      • Service Pack 6 - Fix Pack 6.7
      • Service Pack 7 - Fix Pack 7.3
                 
    • Crystal Reports 2011
      • Support Pack 11 - Patch 9
      • Support Pack 12 - Patch 2
                 
    • Crystal Reports 2013
      • Support Pack 05 - Patch 13
      • Support Pack 06 - Patch 6
      • Support Pack 07 - Patch 3
      • Support Pack 08 - Patch 4
      • Support Pack 09
            
    • Crystal Reports 2016
      • Support Pack 03
           
               
  • Limitation:

    For Crystal Reports 2008, TLS 1.1 and higher are supported only by Java 1.7+, and the default Java version integrated in Crystal Reports 2008 is Java JVM 1.6, so you have to manually modify the JavaDir32 value in the CRConfig.xml file. Refer to SAP Note 2261716 to update the CRConfig.xml file. (SAP Notes require an SAP user account to access.)

  • IMPORTANT NOTE 
       
    The latest update of the SAP Salesforce ODBC Driver, version 1.02.07.1019, which is bundled in the following versions of Crystal Reports, has a couple of regression issues:
             
    - Crystal Reports 2013 - Support Pack 09 and above
    - Crystal Reports 2016 - Support Pack 04 and above
               
    For a list of issues in Crystal Reports 2013 / 2016, see SAP Knowledge Base Article 2245135.
             
    Therefore, to connect to Salesforce.com using TLS 1.2 and avoid the regression issues, install the following product update instead of the latest product updates:
             
    • Crystal Reports 2013
      • Support Pack 06 - Patch 6
      • Support Pack 07 - Patch 3
      • Support Pack 08 - Patch 4
               
    • Crystal Reports 2016
      • Support Pack 03
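
For the Crystal Reports 2008 limitation above, the following added example (not SAP's code) reports whether the Java runtime that JavaDir32 points to can offer TLS 1.1 or higher. The class name TlsCheck is an assumption; the code uses only standard javax.net.ssl calls available since Java 1.6.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;

// Added example: run it with the java executable from the directory that
// JavaDir32 points to, so the result describes the JVM Crystal Reports loads.
// Written without Java 7+ syntax so it also compiles for a 1.6 runtime.
public class TlsCheck {

    // True if the protocol name appears in the given protocol array.
    static boolean has(String[] protocols, String name) {
        return protocols != null && Arrays.asList(protocols).contains(name);
    }

    // Classify one protocol: unsupported, supported but off by default, or on.
    static String status(String name, String[] supported, String[] enabled) {
        if (!has(supported, name)) return "NOT SUPPORTED by this JVM";
        if (!has(enabled, name)) return "supported, but not enabled by default";
        return "supported and enabled by default";
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        String[] enabled = ctx.getDefaultSSLParameters().getProtocols();

        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));

        String[] wanted = { "TLSv1", "TLSv1.1", "TLSv1.2" };
        for (int i = 0; i < wanted.length; i++) {
            System.out.println(wanted[i] + ": " + status(wanted[i], supported, enabled));
        }

        // Salesforce requires TLS 1.1 or higher; exit non-zero if neither exists.
        boolean ok = has(supported, "TLSv1.1") || has(supported, "TLSv1.2");
        if (!ok) {
            System.out.println("RESULT: this JVM can only offer TLS 1.0; "
                + "point JavaDir32 at a Java 1.7+ runtime.");
            System.exit(1);
        }
        System.out.println("RESULT: this JVM can offer TLS 1.1 or higher.");
    }
}
```

Compile the class with a class-file target the old runtime accepts, then compare the printed java.home with the JavaDir32 value to confirm the intended JVM was tested.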

Keywords

CR, SForce, Salesforce, TLS 1.0 , KBA , BI-RA-CR , Crystal Reports designer or Business View Manager , Bug Filed

Product

Crystal Reports 2008 V1 ; SAP Crystal Reports 2011 ; SAP Crystal Reports 2013 ; SAP Crystal Reports 2016