Analysis and solutions for TLS 1.0 & 1.1 Deprecation impact on different NetSuite components:
- SuiteScript 1.0 requests such as nlapiRequestURL and nlapiRequestURLWithCredentials, and similar requests using the SuiteScript 2.0 https module, usually go to third-party servers. Management of these servers is not within the control of your company. After this change takes effect, these https requests will fail the handshake when attempting to connect to servers that do not support TLS 1.2. We recommend that you communicate with those who manage any third-party servers to which you connect, and ensure their servers support the TLS 1.2 protocol. Therefore all the third party servers used by SuiteScript should at least be upgraded to TLS 1.2.
- SuiteScript 1.0 requests such as nlapiRequestURL and nlapiRequestURLWithCredentials and similar requests using the SuiteScript 2.0 https module will fail the handshake when attempting to connect to servers that do not support TLS 1.2. And they will throw different connection errors if the servers do not support TLS 1.2.
- Review the URL where the script is trying to connect to, if it is TLS 1.2 compliant. The URLs in question can be verified via external TLS Checkers. Once verified, immediately reach out to the third party owner of the URL to have their servers updated for TLS 1.2 compliance.
- Below are some sample external links that users can use in verifying their external URLs:
- https://www.ssllabs.com/ssltest/ – Can test a URL/page for security settings
- https://www.howsmyssl.com/s/api.html – a public API that can be called for testing TLS/security
On SuiteCloud IDE:
Browser Troubleshooting Information:
- On Internet Explorer, enable TLS 1.2 on Internet Option via Tools > Internet Options > Advanced > ‘Use TLS 1.2’ is checked
- On Mozilla FireFox, Set Maximum TLS Version.
- In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
- In the search box above the list, type or paste security.tls.version.max Set security.tls.version.max preference value to 3, to ensure support of TLS 1.2 on the browser.
- On Google Chrome, check Chrome Flag (chrome://flags/#ssl-version-max) and set the Maximum TLS version to use TLS 1.2 or above.
On Integrations (SuiteTalk (Web Services) and RestLet):
- Integrations are the most likely going to be impacted the most since it is the one that mostly utilizes external connections.
- Immediately reach out to the owner of the third-party application/software being used to send the data to NetSuite to have them update the security protocols and ensure that TLS 1.2 is being supported by their application.