Salesforce is requiring an upgrade to TLS 1.2 by September/October 2019 in order to align with industry best practices for security and data integrity.
Details can be found here: https://help.salesforce.com/articleView?id=000221207&type=1
Many of you may remember a few years ago when Salesforce disabled TLS 1.0; this is a similar action, but now applies to TLS 1.1. Current versions of TLS are now 1.2 and 1.3.
Below are a few points; however, we encourage you to check out the link mentioned above for more specific details.
How will customers be impacted?
After Salesforce disables TLS 1.1, any inbound connections to or outbound connections from your Salesforce org that rely on TLS 1.1 will fail. This will impact a number of Salesforce services, including access to websites including Salesforce Communities, Customer and Partner portals, Force.com and Site.com.
How and when will Salesforce implement the change?
The timeframs for disabling the use of TLS 1.1 in your Salesforce environment can be found below. Each listed service must be compatible with TLS 1.2 or later by the dates indicated.
|Service||TLS 1.1 Disablement Schedule|
New production orgs created with Salesforce Summer '19 or later
TLS 1.1 is disabled by default.
New production orgs created with Summer '19* or later will have the "Require TLS 1.2 or higher for HTTPS connections" Critical Update Console (CRUC) setting auto-enabled. This will disable TLS 1.1 by default.
September 20, 2019
Existing Sandbox Ogs
September 20, 2019, TBD PDT (UTC)
All existing sandbox orgs - whether existing, refreshed, or new - will have TLS 1.1 automatically disabled and will required TLS 1.2 or later in HTTPS connections to or from the sandbox org.
October 25, 2019
Existing Production Orgs
|All existing production orgs will have TLS 1.1 automatically disabled and will require TLS 1.2 or later in HTTPS connections to or from the production org.|