Salesforce wants you to be more secure…
On July 22, 2017 Salesforce will officially end support for any integrated connections that utilize the TLS 1.0 protocol. This applies to all browsers, mobile devices, and any integrations with Salesforce that utilize TLS 1.0. Salesforce will require at least TLS 1.1.
So, what is TLS?!? Well, TLS stands for Transport Layer Security. TLS is a cryptographic protocol that provides communications security over a computer network. Essentially, it is the means by which two computers securely interact; whether that’s you visiting a website or Salesforce interacting with an external application. The next question, logically, is then “Why is Salesforce moving on from TLS 1.0?”. The short answer is that the 1.0 protocol is almost 20 years old with known exploits and there are newer, more secure versions available.
Salesforce is not alone in this move. In June 2016, the Payment Card Industry updated their Data Security Standard (PCI DSS) to require TLS 1.1 or higher as part of their compliance check. PCI made this move specifically in response to the POODLE exploit (a.k.a., the man-in-the-middle exploit) which was found to impact SSL 3.0 and TLS 1.0; although this exploit also was found to impact servers with improperly configured TLS 1.1 and 1.2 checks.
How does this affect you and your Salesforce org?
If your organization has any secure integrations that is exchanging data between Salesforce and 3rd party applications, you need to ensure TLS 1.0 is disabled prior to Salesforce discontinuing this protocol. This will affect both native desktop integrations as well as custom developed mobile applications.
Salesforce is providing a few basic resources to assist customer admins and developers with making this move including:
- TLS 1.0 Disablement Readiness Checklist
- Salesforce’s TLS 1.0 Disablement Webinar Series
- TLS: What You Need To Know! – Release Readiness LIVE, Spring ’17 Video
CleanSlate’s team of highly skilled resources can help you determine what changes need to be made to your Salesforce org, connected apps, and infrastructure to keep your integrated business processes moving through this change. To see how drop us a message!