Resolving error "First error: Server chose TLSv1, but that protocol version is not enabled..."


As of January 19, 2017, Amazon SES supports TLS 1.1 and TLS 1.2.  With this, you should be able to use Salesforce with the March 2017 critical update forcing the use of only TLS 1.1 or TLS 1.2 and still successfully use Soapbox Mailer. currently allows the disabling of TLSv1, a security protocol used by web services to talk to each other. If this version of TLS is disabled in your Salesforce service, Soapbox Mailer will not be able to function properly, since Amazon Web Service's Simple Email Service still requires the use of TLSv1.

You'll be able to see if this is causing an error in your Soapbox Mailer service by going to Monitor > Jobs > Apex Jobs and seeing if there is an error that includes the following message:

"First error: Server chose TLSv1, but that protocol version is not enabled or not supported by the client."

If so, this means that TLSv1 was deactivated in your Salesforce account. Salesforce will not be forcing the deactivation of TLSv1 until March 2017, so if you want, you can easily re-enable TLSv1 by doing the following.

1) Go to Build > Critical Updates

2) Under the Update Name column, look for "Require TLS 1.1 or higher for HTTPS connections"

3) For the row that has "Require TLS 1.1 or higher for HTTPS connections", click the "Deactivate" link

If you want to reactivate this update in the future, just click the "Activate" link.

Happy emailing!

Have more questions? Submit a request
Article is closed for comments.