What triggers TLS/SSL security findings in managed package security reviews?
Answer
TLS/SSL security findings in managed package security reviews are usually triggered by:
1. **Outdated Protocols**: Not supporting the required TLSv1.2 protocol or higher.
2. **Misconfigurations**: Improperly configured TLS/SSL settings.
3. **Insecure Versions**: Using insecure versions of SSL/TLS.
Ensuring your package supports TLSv1.2 or higher and is properly configured can help avoid these findings.
What triggers TLS/SSL security findings in managed package security reviews?
Recommended Answer Update
TLS/SSL security findings in managed package security reviews are usually triggered by:
1. **Outdated Protocols**: Not supporting the required TLS 1.2 protocol or higher.
2. **Misconfigurations**: Improperly configured TLS/SSL settings.
3. **Insecure Versions**: Using insecure versions of SSL/TLS.
Ensuring your package supports TLS 1.2 or higher and is properly configured can help avoid these findings.
Reasoning
The FAQ content is accurate and well-structured, but I made minor formatting improvements for consistency. I changed 'TLSv1.2' to 'TLS 1.2' to match standard industry formatting conventions and removed the 'v' notation for better readability.
For security rules, I selected three rules that directly relate to TLS/SSL security issues discussed in this FAQ:
1. **ApexInsecureEndpoint** - This rule detects insecure HTTP endpoints in Apex code, which directly relates to the FAQ's discussion of TLS/SSL security findings. The FAQ mentions 'insecure versions of SSL/TLS' and this rule would flag code that uses HTTP instead of HTTPS endpoints.
2. **AvoidInsecureHttpRemoteSiteSetting** - This rule identifies remote site settings that use insecure HTTP protocols instead of HTTPS. This directly corresponds to the FAQ's points about 'outdated protocols' and 'misconfigurations' in TLS/SSL settings, as remote site settings are a key place where TLS configuration issues occur.
3. **AvoidDisableProtocolSecurityRemoteSiteSetting** - This rule flags remote site settings that have protocol security disabled. This aligns perfectly with the FAQ's mention of 'misconfigurations' and 'improperly configured TLS/SSL settings', as disabling protocol security is exactly the type of misconfiguration that would trigger TLS/SSL security findings.
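As an added illustration of the checks the three rules above describe (this is example code written for this page, not Salesforce's Code Analyzer or any scanner's real implementation), the following Python script walks a package's Remote Site Setting metadata and Apex sources and reports the same three conditions: a remote site whose `url` is `http://`, a remote site with `disableProtocolSecurity` set to `true`, and an Apex `HttpRequest.setEndpoint(...)` call with a plain-HTTP literal. The `url` and `disableProtocolSecurity` elements are the real fields of the `RemoteSiteSetting` metadata type; the sample metadata and Apex classes below are constructed, and the rule names are used only as labels for the findings. Whether a remote endpoint actually negotiates TLS 1.2 or higher (the first trigger in the FAQ) cannot be read from package metadata and is deliberately out of scope here.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Salesforce metadata XML files.
MD_NS = "{http://soap.sforce.com/2006/04/metadata}"

# Constructed sample Remote Site Settings, keyed by the setting's API name,
# in the shape of remoteSiteSettings/<Name>.remoteSite-meta.xml files.
SAMPLE_REMOTE_SITES = {
    "Payments_API": """<?xml version="1.0" encoding="UTF-8"?>
<RemoteSiteSetting xmlns="http://soap.sforce.com/2006/04/metadata">
    <disableProtocolSecurity>false</disableProtocolSecurity>
    <isActive>true</isActive>
    <url>https://api.example.com</url>
</RemoteSiteSetting>""",
    "Legacy_Feed": """<?xml version="1.0" encoding="UTF-8"?>
<RemoteSiteSetting xmlns="http://soap.sforce.com/2006/04/metadata">
    <disableProtocolSecurity>false</disableProtocolSecurity>
    <isActive>true</isActive>
    <url>http://feed.example.com</url>
</RemoteSiteSetting>""",
    "Partner_Gateway": """<?xml version="1.0" encoding="UTF-8"?>
<RemoteSiteSetting xmlns="http://soap.sforce.com/2006/04/metadata">
    <disableProtocolSecurity>true</disableProtocolSecurity>
    <isActive>true</isActive>
    <url>https://gateway.example.com</url>
</RemoteSiteSetting>""",
}

# Constructed sample Apex classes, keyed by file name.
SAMPLE_APEX = {
    "CalloutService.cls": """public with sharing class CalloutService {
    public static HttpResponse fetch() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('http://feed.example.com/items');
        req.setMethod('GET');
        return new Http().send(req);
    }
}""",
    "SecureCallout.cls": """public with sharing class SecureCallout {
    public static HttpResponse charge() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('https://api.example.com/v1/charge');
        req.setMethod('POST');
        return new Http().send(req);
    }
}""",
}

# Apex string literals are single-quoted; match only plain-HTTP endpoints.
INSECURE_ENDPOINT_RE = re.compile(r"setEndpoint\s*\(\s*'(http://[^']*)'", re.IGNORECASE)


def check_remote_site(name, xml_text):
    """Return (rule, setting_name, url) findings for one Remote Site Setting."""
    findings = []
    root = ET.fromstring(xml_text)
    url = (root.findtext(MD_NS + "url") or "").strip()
    disabled = (root.findtext(MD_NS + "disableProtocolSecurity") or "false").strip().lower() == "true"
    if url.lower().startswith("http://"):
        # Callouts to this site would travel in cleartext.
        findings.append(("AvoidInsecureHttpRemoteSiteSetting", name, url))
    if disabled:
        # Protocol security off permits non-HTTPS access to the site even
        # when the registered URL is HTTPS.
        findings.append(("AvoidDisableProtocolSecurityRemoteSiteSetting", name, url))
    return findings


def check_apex(filename, source):
    """Return (rule, file, endpoint) findings for plain-HTTP setEndpoint literals."""
    return [("ApexInsecureEndpoint", filename, m.group(1))
            for m in INSECURE_ENDPOINT_RE.finditer(source)]


def scan_package(remote_sites, apex_classes):
    """Aggregate findings across all metadata and Apex in a package."""
    findings = []
    for name, xml_text in remote_sites.items():
        findings.extend(check_remote_site(name, xml_text))
    for filename, source in apex_classes.items():
        findings.extend(check_apex(filename, source))
    return findings


if __name__ == "__main__":
    for rule, location, detail in scan_package(SAMPLE_REMOTE_SITES, SAMPLE_APEX):
        print(f"{rule}: {location} -> {detail}")
```

Run against the constructed samples, the script reports one finding per rule (the `Legacy_Feed` HTTP URL, the `Partner_Gateway` setting with protocol security disabled, and the HTTP literal in `CalloutService.cls`) and nothing for the two HTTPS-only artifacts. In a real package, point it at the `remoteSiteSettings` and `classes` directories instead of the inline dictionaries; endpoints built from Named Credentials (`callout:` URLs) or from concatenated strings are not matched by the regex and need separate review.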