AnsweredAssumed Answered

What type of TLS encryption level does Marketo support?

Question asked by 5325579792eda0b2bf8dc70b4b6b760ceec9a86c on Jan 25, 2016
Latest reply on Aug 28, 2019 by Sanford Whiteman

Looking to find out what level of TLS encryption Marketo supports. We just received this notification from Salesforce that they are disabling TLS 1.0 encryption early next year. How does that affect the Marketo/SFDC integration? Is there anything we need to do in Marketo to prepare for the transition?



Salesforce Notification Below:


@As an admin for a Salesforce org that may use TLS 1.0 encryption to connect with external channels, we want to inform you of a schedule change for the Salesforce disablement of the TLS 1.0 encryption protocol.

At Salesforce, trust is our #1 value, and we take the protection of our customers' data very seriously. The disablement of TLS 1.0 is being undertaken so we can maintain the highest security standards and promote the safety of your data as well as align with industry-wide best practices. Salesforce previously communicated that the disablement would take place in the first half of 2016 and action was required to maintain access to your Salesforce orgs. We have since revised the timing for the rollout of this security improvement to provide customers with additional time to manage this change.

What are Salesforce’s new time frames for disabling TLS 1.0?
We will announce the exact date and time of each disablement approximately two months prior to the maintenance, but the revised deadline timeframes for disabling the use of TLS 1.0 to and from Salesforce are as follows:


Previous Deadline

New Deadline

Sandbox Instances

February 20 - March 12, 2016

Late June 2016

Production Instances

April 2016

Early 2017

  1., other services

April 2016

Early 2017

Why is Salesforce disabling TLS 1.0?
TLS 1.0 is no longer considered strong cryptography. In keeping with our desire to protect the safety of your data and maintain secure service environments, Salesforce will disable the use of TLS 1.0 for connections to and from Salesforce.

What does this mean for me?
After Salesforce disables TLS 1.0 encryption, any channels connecting with Salesforce will need to use TLS 1.1 encryption or higher. Channels attempting to connect with Salesforce using encryption protocols lower than TLS 1.1 will NOT be able to connect to Salesforce. This includes browsers and any integrations to Salesforce APIs using unsupported encryption protocols.

What action do I need to take?
In order to maintain access to your Salesforce orgs, you need to ensure your browsers, integrations, and applications that use inbound connections to or outbound connections from Salesforce have TLS 1.1 and/or TLS 1.2 enabled by the new timelines indicated above. For more details on TLS 1.1 or higher compatibility, review the Salesforce disabling TLS 1.0 article. Salesforce has already enabled TLS 1.1 and TLS 1.2 for outbound connections from Salesforce, and TLS 1.2 is already enabled in connections to Salesforce. We recommend that you begin to support TLS 1.1 and TLS 1.2 as soon as possible.

Where can I get more information?
Notifications with additional information will be available within the coming weeks.

For additional questions, you can open a case with Customer Support via the Help & Training portal.