**Nov. 11, 2019 update: In a continued effort to integrate with Adobe's release structure, we are shifting the deprecation of TLS 1.0 and TLS 1.1 to January 13, 2020.
To align with Adobe’s world-class standard for security, we will be deprecating support for Transport Layer Security (TLS) 1.0 and 1.1 starting December 13, 2019 January 13,2020. Systems integrating with Marketo that are not compliant with 1.2 protocol could potentially lose access to Marketo Engage services. To maintain your Marketo Engage access, please ensure that all client systems are TLS 1.2 compliant before January 13, 2020. For a list of TLS 1.2 compliant browsers and frameworks, see the tables at the bottom of this communication.
What is Transport Layer Security (TLS)?
Transport Layer Security (TLS) is a security protocol that provides privacy and data integrity between two communicating applications. It is deployed widely for web browsers and other applications that require data to be securely exchanged over a network. TLS includes two layers: the TLS Record protocol and the TLS Handshake protocol. The Record protocol provides connection security. The Handshake protocol enables the server and client to authenticate each other and negotiate encryption algorithms and cryptographic keys before data exchange.
Why is Marketo Engage making this change?
Most requests for Marketo Engage web services originate from TLS 1.2 compliant systems, with low traffic from TLS 1.0 and 1.1 systems. TLS 1.0 was first published in 1999, with newer versions 1.1 in 2006, and 1.2 in 2008. As technologies age, security threats evolve, and so must industry standards. To stay aligned and protect our systems from security risks identified with older TLS versions, we are mandating a minimum TLS 1.2 supported connection to ensure secure connections. There have been documented attacks against TLS 1.0 using an older encryption method and the older versions are more vulnerable than TLS 1.2. For more information, see Attacks Against TLS/SSL.
When will this change happen?
TLS 1.0 and TLS 1.1 deprecation will take place on January 13, 2020. After the date of deprecation, you will not be able to connect to Marketo Engage services using browsers or applications not compatible with TLS 1.2.
Marketo Engage encourages users to quickly abandon older versions of TLS to avoid exposure to security vulnerabilities.
How does TLS affect you?
Marketo Engage services are web-based and can only be engaged through a secure network connection. TLS helps ensure a secure and reliable connection between your browser or server and Marketo web services, which includes anything that uses Marketo’s API, such as REST, SOAP, Munchkin, RTP, Mobile, and more.
As technology evolves, security standards are upgraded to ensure higher levels of privacy and data integrity. However, older applications are not updated to include the latest standards. As the acceptable level of security rises, these older, less secure applications are left behind.
To be able to connect to Marketo Engage services, update your browsers and application frameworks to a version that supports TLS 1.2.
How does TLS affect your customers?
Marketo Engage landing pages will be served to your visitors through TLS 1.2 secured connections. Any browser updated since late 2013 (except Chrome, updated since 2017) will be TLS 1.2 compliant; further, Apple, Google, Microsoft, and Mozilla have all announced their plan to completely disable TLS 1.0 & 1.1 support by the first half of 2020, so we expect very minimal impact to visitors. If visitors report a loss of connectivity to Marketo Engage hosted landing pages as a result of this change, they will need to update to a compatible browser version.
What error message will return to a non-compliant connection?
The exact error messaging returned depends on the browser or application framework being used to connect to Marketo Engage web services. Some examples include but are not limited to:
To resolve these errors, the browser or application framework must be updated to a version compatible with TLS 1.2.
TLS 1.2 Compatibility
March 20, 2017
October 29, 2013
October 17, 2013
October 8, 2013
October 22, 2013
Google Android OS Browser
Chrome for Android
Firefox for mobile
Java 8, or later
.NET 4.6, or later
OpenSSL 1.01, or later
Java 7, with TLS 1.2 enabled in app
.NET 4.5, with TLS 1.2 enabled in app