What are the common causes of TLS vulnerabilities within a managed package?
Answer
Common causes of TLS vulnerabilities within a managed package include:
1. **Use of Outdated TLS Versions**: Older versions like TLS 1.0 and TLS 1.1 are no longer secure.
2. **Third-Party Dependencies**: Vulnerabilities can arise if third-party sites or services integrated with the package still support outdated TLS versions.
3. **Improper TLS Configuration**: Misconfigured TLS settings can weaken security.
4. **Non-Compliant External Endpoints**: Relying on endpoints that don't meet updated security standards.
To address these issues, work with third-party providers to upgrade to TLS 1.2 or higher and ensure compliance with secure communication protocols.
Recommended Answer Update
Common causes of TLS vulnerabilities within a managed package include:
1. **Use of Outdated TLS Versions**: Older versions like TLS 1.0 and TLS 1.1 are no longer secure.
2. **Third-Party Dependencies**: Vulnerabilities can arise if third-party sites or services integrated with the package still support outdated TLS versions.
3. **Improper TLS Configuration**: Misconfigured TLS settings can weaken security.
4. **Non-Compliant External Endpoints**: Relying on endpoints that don't meet updated security standards.
To address these issues, ensure all HTTP callouts use HTTPS endpoints with TLS 1.2 or higher, work with third-party providers to upgrade their security protocols, and configure remote site settings to enforce secure connections.
Reasoning
The FAQ content is accurate and well-structured, but the final recommendation could be more specific about implementation. The existing content about working with third-party providers is good, but adding guidance about using HTTPS endpoints and configuring remote site settings provides more actionable technical guidance without expanding beyond the original scope.
Three related security rules directly apply to the content:
1. **ApexInsecureEndpoint**: detects HTTP endpoints in Apex code.
2. **AvoidInsecureHttpRemoteSiteSetting**: flags HTTP remote site settings.
3. **AvoidDisableProtocolSecurityRemoteSiteSetting**: prevents disabling protocol security.
All three relate to the TLS vulnerabilities discussed in the FAQ. The FAQ discusses improper TLS configuration and non-compliant external endpoints, which these rules directly address by helping developers avoid insecure HTTP connections and maintain proper protocol security settings.
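The conditions the three rules above look for can be shown with a small pre-release check. This is an added example, not the rules' own implementation and not code from the original page. The sample metadata, Apex snippet, `example.com` URLs, function names and finding labels are constructed for illustration. The check covers only the URL scheme and the protocol security flag; the TLS version an endpoint actually negotiates still has to be verified against the endpoint itself.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Salesforce metadata files such as *.remoteSite-meta.xml.
NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}
# Apex callouts whose endpoint is a literal http:// URL (Apex is case-insensitive).
APEX_HTTP = re.compile(r"setEndpoint\(\s*'(http://[^']+)'", re.IGNORECASE)

def site_xml(url, disable_protocol_security):
    """Build a constructed RemoteSiteSetting document for the demo."""
    flag = str(disable_protocol_security).lower()
    return (
        '<RemoteSiteSetting xmlns="http://soap.sforce.com/2006/04/metadata">'
        f"<disableProtocolSecurity>{flag}</disableProtocolSecurity>"
        "<isActive>true</isActive>"
        f"<url>{url}</url>"
        "</RemoteSiteSetting>"
    )

def check_remote_site(xml_text):
    """Return finding labels (hypothetical names) for one remote site setting."""
    root = ET.fromstring(xml_text)
    findings = []
    url = root.findtext("sf:url", default="", namespaces=NS).strip()
    if url.lower().startswith("http://"):
        # Condition described for AvoidInsecureHttpRemoteSiteSetting.
        findings.append("insecure-http-url")
    flag = root.findtext("sf:disableProtocolSecurity", default="false", namespaces=NS)
    if flag.strip().lower() == "true":
        # Condition described for AvoidDisableProtocolSecurityRemoteSiteSetting.
        findings.append("protocol-security-disabled")
    return findings

def check_apex(source):
    """Return plain-HTTP endpoints passed to setEndpoint (ApexInsecureEndpoint case)."""
    return [m.group(1) for m in APEX_HTTP.finditer(source)]

# Constructed Apex source: one insecure callout, one compliant callout.
APEX_SAMPLE = """
HttpRequest req = new HttpRequest();
req.setEndpoint('http://api.example.com/v1/orders');
HttpRequest ok = new HttpRequest();
ok.setEndpoint('https://api.example.com/v1/orders');
"""

if __name__ == "__main__":
    print("weak :", check_remote_site(site_xml("http://api.example.com", True)))
    print("fixed:", check_remote_site(site_xml("https://api.example.com", False)))
    print("apex :", check_apex(APEX_SAMPLE))
```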