As an #AwesomeAdmin – are you aware of which of your users are going to be affected by TLS 1.0 being disabled in Salesforce?
Hopefully the answer is NONE! But July 22nd 2017 is fast approaching. Have you gone through the checklist to ensure you are ready?
First things first though.
What is TLS 1.0? And why should I care?
Salesforce has an explanation on the Help article relating to TLS 1.0 being disabled:
TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today, and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. The versions of TLS, to date, are TLS 1.0, 1.1 and 1.2.
Salesforce web and API connections, along with email delivery, use TLS as a key component of their security. HTTPS (web) and STARTTLS SMTP (email) also use TLS as a key component of their security.
In reality, what does this mean for you? TLS is a protocol which provides security for you and your users when they log in to Salesforce. This can be via the website, like when a user goes to login.salesforce.com, or when a user logs in to Salesforce via an app (like Salesforce for Outlook, Web to Lead, Open CTI, etc).
After TLS 1.0 has been disabled, any login attempt using that protocol will simply fail, unless TLS 1.1 (as a minimum) is supported.
When is TLS 1.0 being disabled?
Salesforce has previously moved the effective date for the TLS 1.0 disablement to give Admins more time to catch up, but I wouldn’t count on Salesforce moving this again.
As it stands, Salesforce is planning to disable TLS 1.0 on the 22nd July 2017.
How do I check?
In Summer ’16, Salesforce updated the Login History reports in Salesforce to allow Admins to check what type of TLS connection is used. The downloaded file will also show you 6 months of history, and will show the TLS Protocol being used.
To access this, go to Setup -> use the Quick Find to search for ‘Login History’ -> Select ‘TLS 1.0 Logins Only’ -> Click the ‘Download Now’ button. Please be mindful, this report can take a while to download if there are a lot of TLS 1.0 logins!
Hopefully, the file is empty or contains only a few records for you. One of the orgs I have recently managed had a lot! And it was all down to Salesforce for Outlook needing to be updated for all users.
From there, you should be able to narrow down what needs to be updated to then get it fixed.
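One way to do that narrowing down, as an added example rather than anything provided by Salesforce: the script below groups the TLS 1.0 rows of the downloaded Login History file by client, so the busiest outdated client is at the top of the list. The column names (`Username`, `Application`, `Browser`, `Platform`, `TLS Protocol`), the `TLS 1.0` value format and the sample rows are assumptions; match them to the header row of your own export.

```python
import csv
import io
import sys
from collections import defaultdict

# Assumed column names; adjust to the header row of your downloaded file.
USER_COL = "Username"
PROTOCOL_COL = "TLS Protocol"
CLIENT_COLS = ("Application", "Browser", "Platform")

# Constructed sample data, used when no file path is given.
SAMPLE_CSV = """Username,Login Time,Application,Browser,Platform,TLS Protocol
alice@example.com,2017-05-02 09:14:00,Salesforce for Outlook,Unknown,Windows 7,TLS 1.0
alice@example.com,2017-06-11 08:01:00,Salesforce for Outlook,Unknown,Windows 7,TLS 1.0
bob@example.com,2017-06-12 10:30:00,Browser,IE 8,Windows 7,TLS 1.0
carol@example.com,2017-06-12 11:00:00,Browser,Chrome 58,Windows 10,TLS 1.2
integration@example.com,2017-06-13 02:00:00,Data Loader,Unknown,Unknown,TLS 1.0
"""

def summarize_tls10(csv_file):
    """Return [(client, {user: login_count}, total_logins)] for TLS 1.0 rows,
    sorted so the client with the most TLS 1.0 logins comes first."""
    clients = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(csv_file):
        # Normalise "TLS 1.0" / "tls1.0" style values before comparing.
        proto = (row.get(PROTOCOL_COL) or "").replace(" ", "").lower()
        if proto != "tls1.0":
            continue
        client = tuple((row.get(c) or "").strip() for c in CLIENT_COLS)
        clients[client][(row.get(USER_COL) or "").strip()] += 1
    report = [(c, dict(u), sum(u.values())) for c, u in clients.items()]
    report.sort(key=lambda r: (-r[2], r[0]))
    return report

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # utf-8-sig drops a byte-order mark if the export has one.
        source = open(sys.argv[1], newline="", encoding="utf-8-sig")
    else:
        source = io.StringIO(SAMPLE_CSV)
    with source:
        for client, users, total in summarize_tls10(source):
            print(f"{total:5d} logins  {' / '.join(client)}")
            for user, count in sorted(users.items()):
                print(f"        {user} ({count})")
```

Run it with the path to the downloaded CSV as the only argument; with no argument it runs on the constructed sample.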
The good news is that most up-to-date browsers will already support TLS 1.1 or higher. And the Salesforce apps like Salesforce for Outlook have supported this change for almost a year… If you are on the latest version of the software, it shouldn’t be a problem.
Need more help?
Because this has a potentially big impact on customers, Salesforce has provided a lot of support documentation and guides. They have even published a checklist to download and run through if you need more help.
- Knowledge Article: TLS 1.0 being disabled
- Success Community: TLS 1.0 readiness checklist
- Post your questions to the Salesforce Infrastructure Success Community group and follow the discussions on “BeTLSReady” and “TLS 1.0 Disablement.”