**Nov. 11, 2019 update: In a continued effort to integrate with Adobe's release structure, we are shifting the deprecation of TLS 1.0 and TLS 1.1 to January 13, 2020.

To align with Adobe’s world-class standard for security, we will be deprecating support for Transport Layer Security (TLS) 1.0 and 1.1 starting December 13, 2019 January 13,2020.  Systems integrating with Marketo that are not compliant with 1.2 protocol could potentially lose access to Marketo Engage services.  To maintain your Marketo Engage access, please ensure that all client systems are TLS 1.2 compliant before January 13, 2020. For a list of TLS 1.2 compliant browsers and frameworks, see the tables at the bottom of this communication.

 

What is Transport Layer Security (TLS)? 

Transport Layer Security (TLS) is a security protocol that provides privacy and data integrity between two communicating applications. It is deployed widely for web browsers and other applications that require data to be securely exchanged over a network. TLS includes two layers: the TLS Record protocol and the TLS Handshake protocol. The Record protocol provides connection security. The Handshake protocol enables the server and client to authenticate each other and negotiate encryption algorithms and cryptographic keys before data exchange. 

 

Why is Marketo Engage making this change? 

Most requests for Marketo Engage web services originate from TLS 1.2 compliant systems, with low traffic from TLS 1.0 and 1.1 systems. TLS 1.0 was first published in 1999, with newer versions 1.1 in 2006, and 1.2 in 2008. As technologies age, security threats evolve, and so must industry standards. To stay aligned and protect our systems from security risks identified with older TLS versions, we are mandating a minimum TLS 1.2 supported connection to ensure secure connections. There have been documented attacks against TLS 1.0 using an older encryption method and the older versions are more vulnerable than TLS 1.2. For more information, see Attacks Against TLS/SSL.

 

When will this change happen? 

TLS 1.0 and TLS 1.1 deprecation will take place on January 13, 2020.  After the date of deprecation, you will not be able to connect to Marketo Engage services using browsers or applications not compatible with TLS 1.2. 

 

Marketo Engage encourages users to quickly abandon older versions of TLS to avoid exposure to security vulnerabilities. 

 

 

How does TLS affect you? 

Marketo Engage services are web-based and can only be engaged through a secure network connection.  TLS helps ensure a secure and reliable connection between your browser or server and Marketo web services, which includes anything that uses Marketo’s API, such as REST, SOAP, Munchkin, RTP, Mobile, and more.

 

As technology evolves, security standards are upgraded to ensure higher levels of privacy and data integrity.  However, older applications are not updated to include the latest standards.  As the acceptable level of security rises, these older, less secure applications are left behind. 

 

To be able to connect to Marketo Engage services, update your browsers and application frameworks to a version that supports TLS 1.2. 

 

How does TLS affect your customers? 

Marketo Engage landing pages will be served to your visitors through TLS 1.2 secured connections.  Any browser updated since late 2013 (except Chrome, updated since 2017) will be TLS 1.2 compliant; further, Apple, Google, Microsoft, and Mozilla have all announced their plan to completely disable TLS 1.0 & 1.1 support by the first half of 2020, so we expect very minimal impact to visitors. If visitors report a loss of connectivity to Marketo Engage hosted landing pages as a result of this change, they will need to update to a compatible browser version. 

 

What error message will return to a non-compliant connection? 

The exact error messaging returned depends on the browser or application framework being used to connect to Marketo Engage web services.  Some examples include but are not limited to: 

  • Unable to connect to the service 
  • Service not available 
  • Error in connection 

To resolve these errors, the browser or application framework must be updated to a version compatible with TLS 1.2. 

 

TLS 1.2 Compatibility 

Desktop Browsers 

Desktop Browser 

Compatible Versions 

Release Date

Google Chrome 

V30+ 

March 20, 2017

Mozilla Firefox 

V25+ 

October 29, 2013

Internet Explorer 

IE 11 

October 17, 2013

Microsoft Edge 

All versions 

 

Opera 

V17+ 

October 8, 2013

Apple Safari 

V7+ 

October 22, 2013

 

Mobile Browsers 

Mobile Browser 

Compatible Versions 

Google Android OS Browser

Android 5.0+ 

Chrome for Android 

V30+ 

Firefox for mobile 

V27+ 

Opera Mobile 

V57+ 

Apple Safari 

IOS 5+ 

 

Application Frameworks 

Java 

.NET 

OpenSSL 

Java 8, or later 

.NET 4.6, or later 

OpenSSL 1.01, or later 

Java 7, with TLS 1.2 enabled in app 

.NET 4.5, with TLS 1.2 enabled in app