Real People, 24/7
Real people 24/7

NetSuite's move to TLS 1.2

SyncApps is now fully supported by NetSuite's implementation of TLS 1.2 as per their documentation with the cipher AES CBC (such as TLS1-DHE-RSA-AES-256-CBC-SHA) which means Java 7 is able to connect to it.


SyncApps Premier Support actively worked with NetSuite to resolve an issue to include rolling back to the most stable version of NetSuite which supports Java 7 for the SyncApps platform already running on TLS 1.2 and cipher AES CBC since last October 2017.

Incident Details:

March 16th, 2018 there was an ongoing issue with the SSL connection to NetSuite web services that causes all NetSuite integrations running on the Java 7 platform to experience a handshake failure.

Received Error from NetSuite API. Received fatal alert: handshake_failure

The same issue occurred on March 4th, 2018. NetSuite fixed the problem since this last occurrence yet it has reoccurred again today.

The root cause of the problem is that NetSuite did some changes to their server SSL configuration so all integrations to the NetSuite API which uses Java 7 (like SyncApps) cannot connect to their servers. It violated their own FAQs which clearly state that TLS AES CBC crypto will still be supported.

SSL Report From SSLLabs

The SSLLabs report (Fri, 16 Mar 2018 05:11:19 UTC), shows that only AES GCM cryptos are enabled so all Java 7 integrations will not be able to connect to it.


NetSuite TLS 1.0 and 1.1 Deprecation FAQ 

It mentions that AES CBC (such as TLS1-DHE-RSA-AES-256-CBC-SHA) will still be supported which means Java 7 should still be able to connect to it.


Additionally, the deprecation timing seems to be incorrect as the FAQ states that the deprecation is scheduled to be done on April 21st, 2018 and it is already being applied today.

NetSuite will now keep supporting the following ciphers like AES CBC (such as TLS1-DHE-RSA-AES-256-CBC-SHA) which means Java 7 will still be able to connect to it as in the SyncApps use case.


The target date for deprecation of TLS 1.0 and TLS 1.1 for connection to all NetSuite accounts is April 21, 2018.

What cipher suites are recommended for accessing NetSuite?

The following cipher suites are recommended:

  • AES128-GCM-SHA256
  • AES256-GCM-SHA384

The following cipher suites are maintained for reasons of interoperability:

  • AES-128-CBC-SHA
  • AES-256-CBC-SHA

Need some help?

Check out the options below on how you can contact our support team and find the answers you need to help you with your SyncApps integrations. 

Help Center & Email is 24/7 to | Live Chat & Phone is scheduled 


Check out these Help Desk articles for answers to frequently asked questions.

Get Started | Login Issues | Pricing

Be sure to see one customer's story on how SyncApps helped them save 13 days per year of manually importing/exporting data!


Have more questions? Submit a request


  • Avatar
    Dan Goldman

    Does SyncApps support TLS 1.2?

  • Avatar

    Thanks, Dan and yes, SyncApps supports TLS 1.2 since last 2017 when it was announced to be the standard for NetSuite integrations.