TLS 1.0 Disablement

SalesforceSummaries is a publication that delivers the key insights from Salesforce YouTube videos. We aim to be the getAbstract.com of Salesforce tutorial videos. These publications will save you time as you keep up to date with the latest technological changes within the Salesforce ecosystem.

Introduction:

The Transport Layer Security (TLS) is an internet protocol that ensures privacy between communicating applications and their users. As of July ’17, Salesforce have disabled support for TLS 1.0. This means that any application that does not have the TLS 1.0 protocol disabled won’t be able to request and receive responses to/from Salesforce. Instead, Salesforce supports TLS 1.1 and above. This summary delivers the key points from the ‘Are you ready for TLS 1.0 disablement’ discussion prior to the Summer ’17 release.

Details: ‘Are You Ready for TLS 1.0 Disablement? — Release Readiness LIVE, Summer ‘17

Presenter: Emilio Acevedo

Date: June 27 2017

Time: 8 minutes

Key terms: TLS 1.0, TLS 1.1, security, internet protocol

Summary:

  1. @0.50 — TLS stands for Transport Layer Security. Also known as the ‘S’ in HTTPS. It is the security layer between all connections in the internet. TLS is a protocol that ensures privacy between communicating applications and their users on the Internet.

2. @1.15 — TLS 1.0 has been found to be no longer secure. This consensus has been agreed by a number of global companies and it’s been adopted as best practice to ensure compliance to TLS 1.1 and above. As of Summer ’17 release, Salesforce started a phased approach to disable access to Salesforce via TLS 1.0.

3. @2.20 — Essentially, anything that is connecting to a Salesforce environment will be affected. If a user is on a browser that hasn’t disabled TLS 1.0 and is on TLS 1.1 or above, then an error will be hit and recorded on the user record logging in: ‘Failed: Login over insecure channel’. Also, if you export the login history of a user trying to login to a Salesforce environment with TLS 1.0 enabled, then the column ‘TLS Protocol’ will record ‘TLS 1.0’ and the aforementioned error message would also be stored in the .csv file.

The exception is if a call is made to a Salesforce Community, as the disablement date for TLS 1.0 for these environments is March 2018 whereas for all other Salesforce environments it is July 2017.

4. @3.20 — If mobile applications aren’t following the Salesforce best practices, then there could be issues too. If you are on the latest operating systems, application versions and browsers, then generally you won’t hit a problem.

5. @5.30 — The browser compatibility test site — https://tls1test.salesforce.com/s/ — is a great resource to use to check if your browser is compatible with TLS 1.1 and above.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.