Overview

TLS ensures that a connection to a remote endpoint is to the intended destination through encryption and endpoint identity verification. Increasingly, organizations which provide software as a service (SaaS) products are discontinuing their support for the TLS 1.0 encryption protocol and moving to TLS 1.1, which would affect the ability of other services reliant on TLS 1.0 to successfully integrate.

Platforms like Salesforce's web and API connections, along with email delivery, use TLS as a key component of their security. HTTPS (web) and STARTTLS SMTP (email) also use TLS as a key security component.

Is 8x8 TLS 1.1 Compliant?

The following chart shows the TLS status of 8x8’s integrations into Salesforce and expected dates for TLS 1.1 compatibility:

Product

TLS 1.1 compliant?

Notes

Virtual Office Integration (No SSO)

Yes

Based on TLS 1.1 from beginning.

Virtual Office Integration (With SSO)

Yes

Completed and tested Feb 2017.

Virtual Contact Center

Yes

Completed and tested Feb 2017.

8x8 Salesforce Integrations and TLS 1.1

In particular, starting in June 2016, Salesforce will begin disabling the TLS 1.0 encryption protocol in a phased approach across impacted Salesforce services. The disablement of TLS 1.0 will prevent it from being used to access the Salesforce service within inbound and outbound connections.

After Salesforce disables TLS 1.0, any inbound connections to or outbound connections from your Salesforce org will need to use the TLS 1.1 or TLS 1.2 encryption protocol. This change will impact your user access to a number of Salesforce services, including access to websites, such as Salesforce Communities, Customer and Partner portals, Force.com sites, and Site.com.

Salesforce has already enabled TLS 1.1 and TLS 1.2 for outbound connections from Salesforce, and TLS 1.1 and 1.2 is already enabled in connections to Salesforce.

The timeframes, as of Feburary 15th 2017, for disabling the use of TLS 1.0 to and from Salesforce can be found below. Each listed service must be compatible with TLS 1.1 or later by the dates below.

Service

TLS 1.0 Disablement Schedule

New production orgs

(Summer '16 or later)

TLS 1.0 is disabled by default.

New production orgs created with Summer ‘16 or later will have the Require TLS 1.1 or higher for HTTPS connections Critical Update Console (CRUC) setting auto-enabled. This will disable TLS 1.0 by default.

This setting can be deactivated by the customer to enable TLS 1.0 as needed for TLS compatibility testing. Click here for details on user permissions required to view and change the setting.

Sandbox orgs

June 25, 2016, at 9:30 AM PDT (16:30 UTC)

After this date and time, all sandbox orgs -- whether existing, refreshed, or new -- will have TLS 1.0 automatically disabled and will require TLS 1.1 or later in HTTPS connections to or from the sandbox org. The Require TLS 1.1 or higher for HTTPS connections CRUC setting will not be available.

Production orgs

July 22, 2017

login.salesforce.com,

other services*

TBD (On or after the production disablement)

More information from Salesforce: