The Salesforce TLS1.0 Deactivation Alarm

Alert! Alarm! Action Needed! TLS 1.o Deactivation

Salesforce has been sending us these alarming notifications for over a year now. “As an admin for a Salesforce org that may use TLS 1.0 encryption to connect with external channels, we want to inform you of the Salesforce deactivation of the TLS 1.0 protocol.”

Those of us not in the know may have tried to decode the acronym The Learning Status, Top Lingo Structure. But no, that couldn’t be. Didn’t seem too bad since we were just going from 1.0 to 1.1. So maybe we shouldn’t worry. Make a note: Find about TLS and see if it matters to us. And the months went by.

This is how Salesforce explains it. “The disablement of TLS 1.0 is being undertaken so we can maintain the highest security standards and promote the  safety of your data as well as align with industry-wide best practices.” Good news? Sounds like it. Further, “TLS 1.0 is no longer considered strong cryptography….Salesforce will disable the use of TLS 1.0 for connections to and from Salesforce.” Now we’re getting codey! “Any channels connecting with Salesforce will need to use TLS1.1 encryption or higher.” I hope those channels know this! “Channels attempting to connect with Salesforce using encryption protocols lower than TLS 1.1 will NOT be able to connect to Salesforce.” Yikes! This does sound serious. And so it went for months of notifications.

Now we know that the deadline is March 4! If we only barely understood the alarming news, what should we do? Well, the good news it that most modern browsers do support the new protocols. No problemo with most of them. And so you’ll know, TLS stands for Transport Layer Security. Salesforce Knowledge tells us that TLS ensures that a connection to a remote endpoint is actually to the intended destination through encryption and endpoint identity verification. Salesforce web and API connections, along with email delivery, use TLS as a key component of their security.  If Salesforce is concerned with our security, we should be, too.

For your browser, or your users browsers,  the minimum required action is to enable TLS 1.1 and TLS 1.2 encryption within your browser security settings. You may want to test the compatibility of an API client, or outbound integration or read more about testing and compatibility. Salesforce Knowledge has a complex–but readable–article.

The Salesforce Advocate, in their article “Are you ready for Salesforce TLS 1.0 deactivation” gives us more info on testing your browser, checking Login History in your org for finding incompatible applications, useful definitions and resources. Michael White has done his homework and laid it out for us.

Bottom line: You may not have to do much of anything. But you do need to check it all out. And you need to do it right now!