Analysis and solutions for TLS 1.0 & 1.1 Deprecation impact on different NetSuite components:
- SuiteScript 1.0 requests such as nlapiRequestURL and nlapiRequestURLWithCredentials, and similar requests using the SuiteScript 2.0 HTTPS module usually go to third-party servers. Management of these servers is not within the control of your company. After this change takes effect, these HTTPS requests will fail when attempting to connect to servers that do not support TLS 1.2. We recommend that you communicate with those who manage any of the third-party servers that you are connected to, and ensure their servers support the TLS 1.2 protocol. Therefore all the third-party servers used by SuiteScript should at least be upgraded to TLS 1.2.
- SuiteScript 1.0 requests such as nlapiRequestURL and nlapiRequestURLWithCredentials and similar requests using the SuiteScript 2.0 HTTPS module will fail the handshake when attempting to connect to servers that do not support TLS 1.2. They will also throw different connection errors if the servers do not support TLS 1.2.
- Review the URL where the script is trying to connect to, and determine whether it is TLS 1.2 compliant. The URLs in question can be verified via external TLS Checkers. Once verified, immediately reach out to the third-party owner of the URL to have their servers updated for TLS 1.2 compliance.
- Below are some sample external links that users can use in verifying their external URLs:
- https://www.ssllabs.com/ssltest/ – Can test a URL/page for security settings
- https://www.howsmyssl.com/s/api.html – a public API that can be called for testing TLS/security
On SuiteCloud IDE:
Browser Troubleshooting Information:
- On Internet Explorer, enable TLS 1.2 on Internet Option via Tools > Internet Options > Advanced > ‘Use TLS 1.2’ is checked
- On Mozilla Firefox, Set Maximum TLS Version.
- In a new tab, type or paste about:config in the address bar and then press Enter/Return. Click the button promising to be careful.
- In the search box above the list, type or paste security.tls.version.max. Set security.tls.version.max preference value to 3, to ensure support of TLS 1.2 on the browser.
- On Google Chrome, check Chrome Flag (chrome://flags/#ssl-version-max) and set the Maximum TLS version to use TLS 1.2 or above.
On Integrations (SuiteTalk (Web Services) and RestLet):
- Integrations will likely be impacted the most since they mostly utilize external connections
- Immediately reach out to the owner of the third-party application/software being used to send the data to NetSuite in order to have them update the security protocols and ensure that TLS 1.2 is being supported by their application.
Our team of certified NetSuite consultants can help with your business’ custom requirements. Schedule a demo with us today!