TLSv1.2

You are quite right.  The webhook client side won't support servers that are locked to only TLSv1.2 at this time.  If you're going to lose connectivity immediately you could use a proxy temporarily (the proxy runs TLSv1.1 to/from you and TLSv1.2 to/from upstream).

Kenny Elkington​

And Rajesh Talele Aruba Prod​ too

We added support for TLS 1.2 in webhooks early last month.

I tested it before I posted -- it didn't work.  Reenabling SSL3/TLS1 still works.  I can do more tests later tonight.

Retested and same result.  Maybe the pod I'm testing with wasn't upgraded, but it will not connect to a TLS 1.2-only box. 

You'll probably want to file a support ticket with details.

Did you file a ticket Sanford Whiteman​? I took a look and couldn't find any outstanding and I haven't heard of anyone reproducing this issue.

Jep Castelein​ you have successfully used TLS 1.2 with webhooks, correct?

I want to make sure all is working as expected...

Funny, SFDC just removed usage of TLSv1.0...

-Greg

Marketo Webhooks have been upgraded with the Feb 5th release to support TLS 1.1 and 1.2. The immediate reason was the announcement that SFDC would stop supporting TLS 1.0 on Production orgs on March 4, 2017 (1 year from now). However, SFDC will be upgrading sandboxes sooner, and you can elect to upgrade your sandboxes today, so we wanted to be ready for that. 

I don't know the details of the Feb 5th release, other than that it supports SFDC's new setup (which I believe still supports 1.1). It may be that a 1.2-only connection does not work yet (as Sanford's tests indicate).

Hi Jep,

The corresponding "Critical Update" is already available in production instances of SFDC and can be "updated" at any moment by the SFDC admin who would not necessary know it would impact Marketo. So good news Marketo has been upgraded. The date of March 2017 is the deadline at which, if the SFDC have not activated the upgrade, it will be automatically updated by SFDC.

-Greg