Transport Layer Security (TLS) was developed back in 1999 to create a standard protocol to secure data being transferred between a server and a client machine. TLS is designed to prevent eavesdropping, tampering, and message forgery. With the advancements in technology, particularly in cloud-based computing, the security of data being transferred is of most importance.
ClaimVantage has built its cloud-based claim management system using the Salesforce platform. Salesforce takes pride in its secure cloud-based platform, and the extent of their security features can be found here.
When a user accesses the Salesforce application through a browser, TLS technology protects user data using both server authentication and classic encryption to ensure data is safe, secure, and only available to registered users. To ensure they can continue to provide the highest security standards and promote the safety of consumer data, Salesforce recently announced that TLS 1.0 connections will be disabled in a phased approach beginning on June 25th.
What does this mean?
After June 25th, Transport Layer Security (TLS) 1.0 connections will be disabled from accessing Salesforce services through inbound or outbound connections. Only higher versions of TLS will be allowed going forward.
Salesforce has already enabled TLS 1.1 and TLS 1.2 for outbound connections from Salesforce, and TLS 1.2 is already enabled in connections to Salesforce. Sandbox orgs will be affected on June 25th, 2016 and Production orgs will be affected by this change after March 4th, 2017.
How Can I prepare for this change?
To prepare for this, we recommend that you test this change ahead of June 25th. You can enforce this change now using the steps below:
Within your Salesforce org, click on Setup -> Critical Updates -> Click “Activate” on the Require TLS 1.1 or higher for HTTPS Connections update.
Once you are done testing, you can follow the same steps to turn TLS 1.0 back on.
What Channels will be Affected?
Three different channels require encryption to access Salesforce:
- Internet Browsers
Only supported browsers will be able to access Salesforce services and supported encryption protocols, TLS 1.1 and 1.2 will need to be enabled in the browser. Salesforce is providing updates on supported browsers here.
2. API (inbound) integrations
TLS 1.1 and 1.2 encryption protocols need to be enabled in all API integrations. A full list of compatibility notes is available here.
3. Call-out (outbound) integrations
To avoid disruption, TLS 1.1 and 12 encryption protocols need to be enabled within all call-out integrations. Instructions to test capability are provided here.
Salesforce is providing ongoing updates for users on its website to support this transition. If you are a ClaimVantage platform user, please contact your customer advocate if you have any concerns.