**Nov. 11, 2019 update: In a continued effort to integrate with Adobe's release structure, we are shifting the deprecation of TLS 1.0 and TLS 1.1 to January 13, 2020. To align with Adobe’s world-class standard for security, we will be deprecating support for Transport Layer Security (TLS) 1.0 and 1.1 starting December 13, 2019 January 13,2020. Systems integrating with Marketo that are not compliant with 1.2 protocol could potentially lose access to Marketo Engage services. To maintain your Marketo Engage access, please ensure that all client systems are TLS 1.2 compliant before January 13, 2020. For a list of TLS 1.2 compliant browsers and frameworks, see the tables at the bottom of this communication. What is Transport Layer Security (TLS)? Transport Layer Security (TLS) is a security protocol that provides privacy and data integrity between two communicating applications. It is deployed widely for web browsers and other applications that require data to be securely exchanged over a network. TLS includes two layers: the TLS Record protocol and the TLS Handshake protocol. The Record protocol provides connection security. The Handshake protocol enables the server and client to authenticate each other and negotiate encryption algorithms and cryptographic keys before data exchange. Why is Marketo Engage making this change? Most requests for Marketo Engage web services originate from TLS 1.2 compliant systems, with low traffic from TLS 1.0 and 1.1 systems. TLS 1.0 was first published in 1999, with newer versions 1.1 in 2006, and 1.2 in 2008. As technologies age, security threats evolve, and so must industry standards. To stay aligned and protect our systems from security risks identified with older TLS versions, we are mandating a minimum TLS 1.2 supported connection to ensure secure connections. There have been documented attacks against TLS 1.0 using an older encryption method and the older versions are more vulnerable than TLS 1.2. For more information, see Attacks Against TLS/SSL. When will this change happen? TLS 1.0 and TLS 1.1 deprecation will take place on January 13, 2020. After the date of deprecation, you will not be able to connect to Marketo Engage services using browsers or applications not compatible with TLS 1.2. Marketo Engage encourages users to quickly abandon older versions of TLS to avoid exposure to security vulnerabilities. How does TLS affect you? Marketo Engage services are web-based and can only be engaged through a secure network connection. TLS helps ensure a secure and reliable connection between your browser or server and Marketo web services, which includes anything that uses Marketo’s API, such as REST, SOAP, Munchkin, RTP, Mobile, and more. As technology evolves, security standards are upgraded to ensure higher levels of privacy and data integrity. However, older applications are not updated to include the latest standards. As the acceptable level of security rises, these older, less secure applications are left behind. To be able to connect to Marketo Engage services, update your browsers and application frameworks to a version that supports TLS 1.2. How does TLS affect your customers? Marketo Engage landing pages will be served to your visitors through TLS 1.2 secured connections. Any browser updated since late 2013 (except Chrome, updated since 2017) will be TLS 1.2 compliant; further, Apple, Google, Microsoft, and Mozilla have all announced their plan to completely disable TLS 1.0 & 1.1 support by the first half of 2020, so we expect very minimal impact to visitors. If visitors report a loss of connectivity to Marketo Engage hosted landing pages as a result of this change, they will need to update to a compatible browser version. What error message will return to a non-compliant connection? The exact error messaging returned depends on the browser or application framework being used to connect to Marketo Engage web services. Some examples include but are not limited to: Unable to connect to the service Service not available Error in connection To resolve these errors, the browser or application framework must be updated to a version compatible with TLS 1.2. TLS 1.2 Compatibility Desktop Browsers Desktop Browser Compatible Versions Release Date Google Chrome V30+ March 20, 2017 Mozilla Firefox V25+ October 29, 2013 Internet Explorer IE 11 October 17, 2013 Microsoft Edge All versions Opera V17+ October 8, 2013 Apple Safari V7+ October 22, 2013 Mobile Browsers Mobile Browser Compatible Versions Google Android OS Browser Android 5.0+ Chrome for Android V30+ Firefox for mobile V27+ Opera Mobile V57+ Apple Safari IOS 5+ Application Frameworks Java .NET OpenSSL Java 8, or later .NET 4.6, or later OpenSSL 1.01, or later Java 7, with TLS 1.2 enabled in app .NET 4.5, with TLS 1.2 enabled in app
View full article