As an admin of a Salesforce org that may use the TLS 1.0 encryption protocol with Salesforce, we want to remind you that Salesforce is requiring an upgrade to TLS 1.1 or higher by March 4, 2017 at 9:30 AM PDT (17:30 UTC). On that date we will disable TLS 1.0. Action is required prior to this date to prevent any disruption to your production instance.
Why is Salesforce making this change?
As Trust is our #1 value, Salesforce is focused on helping our customers improve their security by using the latest security protocols. On March 4, 2017, Salesforce will require TLS 1.1 and later encryption protocol to maintain the highest security standards and promote the safety of customer data. Moving to TLS 1.1 or higher provides a more secure environment and also prepares you for continued PCI compliance.
What is the impact of TLS 1.0 disablement?
The impact of the TLS 1.0 disablement will vary by org, and depends on the ways in which your users connect to the Salesforce service. Key areas of impact include:
|•||User browser access – Browser incompatibility will prevent your internal and external users from accessing your Salesforce org, Communities and Sites.|
|•||Microsoft email integrations – Integrations such as Salesforce for Outlook, Exchange Sync and Salesforce App for Outlook won’t work if users don’t meet compatibility requirements.|
|•||API integrations – These integrations will cease to work if they are not compatible with TLS 1.1 or later. This includes .NET-based integrations that send requests to Salesforce and are not enabled with TLS 1.1 and/or TLS 1.2.|
|•||Communities and Sites users will not be able to connect unless their browser or browser settings are updated per compatibility guidelines. Please review How to test for internet browser compatibility for more information.|
|•||Partner App/AppExchange Integrations – Partner App/AppExchange Integrations will cease to work if they are not compatible with TLS 1.1 or later.|
|•||Case submission and management – Admins using incompatible browsers will be unable to access the Salesforce Help & Training portal, impacting case submission and management.|
What action do I need to take?
Review how your users and integrations connect to Salesforce and ensure those connections are ready to support TLS 1.1 and later well before March 4, 2017.
Many of our products and developer tools are already compatible with the latest versions of TLS. Customers should start early with their planning and testing to ensure a successful transition to supporting the latest TLS version prior to our disablement of TLS 1.0. Check out the TLS 1.0 Disablement Readiness Checklist (login required) for best practices on how to prepare for this change.
How can I identify users or integrations still using TLS 1.0?
During the Summer ‘16 release, Salesforce introduced the “TLS Protocol” and “TLS Cipher Suite” fields into the Login History object to help customers prepare for the TLS 1.0 disablement. Admins can add these fields to the Login History report to identify users or integrations still using the TLS 1.0 encryption protocol. These fields can also be added to the standard login history administrative report as well as List Views on the Login History page. Read the Monitor Login History article for more information.
NOTE: All users can access their own login history data. However, only admins with the “Manage Users” permission can access login history for all users in their org. If you do not have the “Manage Users” permission enabled for your user account, coordinate with another admin in your org or to run login history reports.
How can I get more information?
Review the Salesforce disabling TLS 1.0 article and post your questions to the Official: Salesforce Infrastructure Success Community group. Follow the discussions in the “BeTLSReady” and “TLS 1.0 Disablement” Chatter topics within the Success Community. You can also watch the Secure Connections: How TLS 1.0 disablement impacts your organization video to hear the experts talk about the disablement.
For additional questions, open a case with Support via the Help & Training portal.