3234756 - CMT : CPQ: Unable to log into CPQ via Salesforce after upgrading TLS to a version above 1.0

Applies To:   

CPQ

Summary:

Unable to log into CPQ via Salesforce after upgrading TLS to a version above 1.0

Details:

If you update SFDC to use a TLS version above 1.0, unfortunately CPQ does not support yet (to be supported in CPQ version 2016.2). You should be unable to switch into CPQ from Salesforce even though you can directly log into CPQ if using your standard CPQ application URL (sandbox.webcomcpq.com, webcomcpq.com, etc), username, and password.

We have a fix in place for CPQ 2016.2 release to address this issue, but in the meantime, please continue to use TLS 1.0 in your SFDC environment.

The SFDC TLS 1.0 change isn't going to be mandatory until June according to the following article:

https://help.salesforce.com/apex/HTViewSolution?id=000221207

TLS 1.1 SWITCH DATES AS MANDATED BY SALESFORCE:

- Sandbox - June 25, 2016, at 9:30 AM PDT (16:30 UTC)

- Production - March 4, 2017, at 9:30 AM PST (17:30 UTC)
- login.salesforce.com, other services Early 2017

Callidus CPQ is targeted to be TLS 1.1 compatible before the June 25th, 2016 date. 

Solution/Workaround:

In the meantime, h​ere is how to turn off TLS 1.1 or to downgrade:

In Salesforce go to setup > develop > Critical updates. On that page, select deactivate "Require TLS 1.1 or higher for HTTPS connections".

References:

SC30228375

https://help.salesforce.com/apex/HTViewSolution?id=000221207