News & Resources — News Announcements

Product & Service Notification- Upgrade to TLS 1.1 or higher by July 22

Upgrade to TLS 1.1 or higher by July 22

Reminder that Salesforce is requiring an upgrade to TLS 1.1 or higher by July 22, 2017. On that date TLS 1.0 will be disabled. Click here to learn if your organization will be affected by this TLS 1.0 encryption protocol change from Salesforce and how to identify users or integrations still using it.

Product & Service Notification

Your org has been identified as having users or integrations still creating inbound connections to Salesforce using TLS 1.0 encryption protocol during the month of March.

We want to remind you that Salesforce is requiring an upgrade to TLS 1.1 or higher by July 22, 2017. On that date we will disable TLS 1.0. To ensure your users and integrations will be able to connect to Salesforce after the disablement, please ensure you upgrade to TLS 1.1 or later before July 22, 2017.

Why is Salesforce making this change?
As Trust is our #1 value, Salesforce is focused on helping our customers improve their security by using the latest security protocols. On July 22, 2017, Salesforce will require TLS 1.1 and later encryption protocol to maintain the highest security standards and promote the safety of customer data. Moving to TLS 1.1 or higher provides a more secure environment and also prepares you for continued PCI compliance.
What is the impact of TLS 1.0 disablement?
The impact of the TLS 1.0 disablement will vary by org, and depends on the ways in which your users connect to the Salesforce service. Key areas of impact include:

User browser access – Browser incompatibility will prevent your internal and external users from accessing your Salesforce org, Communities and Sites.
Microsoft email integrations – Integrations such as Salesforce for Outlook, Exchange Sync and Salesforce App for Outlook won’t work if users don’t meet compatibility requirements.
API integrations – These integrations will cease to work if they are not compatible with TLS 1.1 or later. This includes .NET-based integrations that send requests to Salesforce and are not enabled with TLS 1.1 and/or TLS 1.2.
Communities and Sites – users will not be able to connect unless their browser or browser settings are updated per compatibility guidelines. Please review How to test for internet browser compatibility for more information.
Partner App/AppExchange Integrations – Partner App/AppExchange Integrations will cease to work if they are not compatible with TLS 1.1 or later.
Case submission and management – Admins using incompatible browsers will be unable to access the Salesforce Help & Training portal, impacting case submission and management.
What action do I need to take?
Review how your users and integrations connect to Salesforce and ensure those connections are ready to support TLS 1.1 and later well before July 22, 2017.

Many of our products and developer tools are already compatible with the latest versions of TLS. Customers should start early with their planning and testing to ensure a successful transition to supporting the latest TLS version prior to our disablement of TLS 1.0. Check out the TLS 1.0 Disablement Readiness Checklist (login required) for best practices on how to prepare for this change.

How can I identify users or integrations still using TLS 1.0?
During the Summer ’16 release, Salesforce introduced the “TLS Protocol” and “TLS Cipher Suite” fields into the Login History object to help customers prepare for the TLS 1.0 disablement. Admins can add these fields to the Login History report to identify users or integrations still using the TLS 1.0 encryption protocol. These fields can also be added to the standard login history administrative report as well as List Views on the Login History page. For a complete walk-through of running the Login History report to identify TLS 1.0 connections watch our Login History demo. Read the Monitor Login History article for more information.

NOTE: All users can access their own login history data. However, only admins with the “Manage Users” permission can access login history for all users in their org. If you do not have the “Manage Users” permission enabled for your user account, coordinate with another admin in your org or to run login history reports.