TLSv1.2

Jason_Scott
Level 4

TLSv1.2

We're using Marketo's webhook to connect with a vendor.  Today I was notified by this vendor they're "going to be shutting off anything that uses SSLv3 and TLSv1.1, so it is advised we switch to using TLSv1.2 at this time."  Any one else run into this issue?

Thanks!

Jason

Tags (3)
11 REPLIES 11
SanfordWhiteman
Level 10 - Community Moderator

Re: TLSv1.2

You are quite right.  The webhook client side won't support servers that are locked to only TLSv1.2 at this time.  If you're going to lose connectivity immediately you could use a proxy temporarily (the proxy runs TLSv1.1 to/from you and TLSv1.2 to/from upstream).

Kenny Elkington

And Rajesh Talele Aruba Prod​ too

Kenny_Elkington
Marketo Employee

Re: TLSv1.2

We added support for TLS 1.2 in webhooks early last month.

SanfordWhiteman
Level 10 - Community Moderator

Re: TLSv1.2

I tested it before I posted -- it didn't work.  Reenabling SSL3/TLS1 still works.  I can do more tests later tonight.

SanfordWhiteman
Level 10 - Community Moderator

Re: TLSv1.2

Retested and same result.  Maybe the pod I'm testing with wasn't upgraded, but it will not connect to a TLS 1.2-only box. 

Kenny_Elkington
Marketo Employee

Re: TLSv1.2

You'll probably want to file a support ticket with details.

Justin_Cooperm2
Level 10

Re: TLSv1.2

Did you file a ticket Sanford Whiteman​? I took a look and couldn't find any outstanding and I haven't heard of anyone reproducing this issue.

Jep Castelein​ you have successfully used TLS 1.2 with webhooks, correct?

I want to make sure all is working as expected...

Grégoire_Miche2
Level 10

Re: TLSv1.2

Funny, SFDC just removed usage of TLSv1.0...

-Greg

Jep_Castelein2
Level 10

Re: TLSv1.2

Marketo Webhooks have been upgraded with the Feb 5th release to support TLS 1.1 and 1.2. The immediate reason was the announcement that SFDC would stop supporting TLS 1.0 on Production orgs on March 4, 2017 (1 year from now). However, SFDC will be upgrading sandboxes sooner, and you can elect to upgrade your sandboxes today, so we wanted to be ready for that. 

I don't know the details of the Feb 5th release, other than that it supports SFDC's new setup (which I believe still supports 1.1). It may be that a 1.2-only connection does not work yet (as Sanford's tests indicate).

Grégoire_Miche2
Level 10

Re: TLSv1.2

Hi Jep,

The corresponding "Critical Update" is already available in production instances of SFDC and can be "updated" at any moment by the SFDC admin who would not necessary know it would impact Marketo. So good news Marketo has been upgraded. The date of March 2017 is the deadline at which, if the SFDC have not activated the upgrade, it will be automatically updated by SFDC.

-Greg