Salesforce disabling TLS 1.0
Friday, February 3, 2017
Effective in March, Salesforce will no longer support TLS 1.0. Once this change goes into effect for the environment, a user trying to log into the environment with an incompatible web browser will not be able to access Salesforce. The user will be able to access Salesforce if they switch to using a supported web browser.
What is TLS?
TLS or Transport Layer Security is an internet protocol that ensures privacy between communicating applications and their users on the internet. TLS ensures the transfer of information across the internet is secure so that no third party can access or tamper with any message.
Why is TLS 1.0 being Disabled?
TLS 1.0 is an older protocol that has received a number of attacks against it over the years which has highlighted security vulnerabilities. It is no longer considered strong encryption. There are newer protocols (TLS1.1 or 1.2) that provide better safety and security.
Can I check if we will be impacted?
Yes! Your Salesforce System Administrator can run a simple report to identify any browsers or other connections that are using TLS 1.0 and need to be updated before March.
1. Click Setup
2. In the left-hand Setup menu, navigate to the Administer section
3. Expand the section Manager Users
4. Click Login History
5. Under Download Options | File Contents, select TLS1.0 Logins Only
6. Click the Download Now button to export a csv file
7. Open the exported file and review the Application column which lists all connections using the TLS 1.0 protocol. These applications/connections will need to be updated prior to March 2017.
Modern web browsers such as Google Chrome, Mozilla Firefox etc., are not impacted. They are constantly kept updated to today’s standards and users using these browsers will see no impact. But if you have users using older versions of Internet Explorer and/or Safari, there is a chance your users will be impacted. For example, Internet Explorer versions 8 and below do not (and cannot) support TLS 1.0 and will not be able to access Salesforce. Versions 9 and 10 can support this change if they run on Windows 7 or Windows 10, but specific action must be taken on the user’s machine first.
Salesforce has also provided a test page that can be used to determine if the web browser you use to access the page currently supports the change. Note that mobile web browsers on Android and iOS devices are impacted as well.
How should you prepare?
To avoid any interruption of your operations, run an audit of your Salesforce environment and identify all of the third-party interfaces with Salesforce your company has. Then reach out to application owners and vendors to ensure that the version of the application you are currently using supports TLS 1.1 or higher. You may find that you are using an older version of an application that will be impacted by this change but an upgrade to the newest version will resolve the issue, or that the version you are using is not impacted. For more details, see the Salesforce knowledge article.