TLS 1.0 Disablement
SalesforceSummaries is a publication that delivers the key insights from Salesforce YouTube videos. We aim to be the getAbstract.com of Salesforce tutorial videos. These publications will save you time as you keep up to date with the latest technological changes within the Salesforce ecosystem.
The Transport Layer Security (TLS) is an internet protocol that ensures privacy between communicating applications and their users. As of July ’17, Salesforce have disabled support for TLS 1.0. This means that any application that does not have the TLS 1.0 protocol disabled won’t be able to request and receive responses to/from Salesforce. Instead, Salesforce supports TLS 1.1 and above. This summary delivers the key points from the ‘Are you ready for TLS 1.0 disablement’ discussion prior to the Summer ’17 release.
Presenter: Emilio Acevedo
Date: June 27 2017
Time: 8 minutes
Key terms: TLS 1.0, TLS 1.1, security, internet protocol
- @0.50 — TLS stands for Transport Layer Security. Also known as the ‘S’ in HTTPS. It is the security layer between all connections in the internet. TLS is a protocol that ensures privacy between communicating applications and their users on the Internet.
2. @1.15 — TLS 1.0 has been found to be no longer secure. This consensus has been agreed by a number of global companies and it’s been adopted as best practice to ensure compliance to TLS 1.1 and above. As of Summer ’17 release, Salesforce started a phased approach to disable access to Salesforce via TLS 1.0.
3. @2.20 — Essentially, anything that is connecting to a Salesforce environment will be affected. If a user is on a browser that hasn’t disabled TLS 1.0 and is on TLS 1.1 or above, then an error will be hit and recorded on the user record logging in: ‘Failed: Login over insecure channel’. Also, if you export the login history of a user trying to login to a Salesforce environment with TLS 1.0 enabled, then the column ‘TLS Protocol’ will record ‘TLS 1.0’ and the aforementioned error message would also be stored in the .csv file.
The exception is if a call is made to a Salesforce Community, as the disablement date for TLS 1.0 for these environments is March 2018 whereas for all other Salesforce environments it is July 2017.
4. @3.20 — If mobile applications aren’t following the Salesforce best practices, then there could be issues too. If you are on the latest operating systems, application versions and browsers, then generally you won’t hit a problem.
5. @5.30 — The browser compatibility test site — https://tls1test.salesforce.com/s/ — is a great resource to use to check if your browser is compatible with TLS 1.1 and above.