[UPDATED: November 17, 2017: TLS 1.0 Email Disablement:


Beginning March 6, 2018, Salesforce will phase out the use of TLS 1.0 in the sending and receiving of email.  This disablement will be completed on all Salesforce instances by March 8, 2018.  See the link for details and how to check if your still using TLS 1.0 for outbout or inbound emails.


Useful tip for viewing email message headers for Outlook:  View e-mail message headers - Outlook ]



[UPDATED: June 23, 2017:  Salesforce TLS 1.0 Disablement Schedule has been published:


Important Links:




[UPDATED: Februrary 14, 2017:  Please be aware that Salesforce has decided to extend the disablement of TLS 1.0 to July 22, 2017.  Sandboxes have been extended to July 15, 2017. Salesforce continues to run webinars through the new disablement date.  You can register here.  While Salesforce has granted an extension, we encourage all customers and partners to think forward and make sure that all of your connections to Salesforce are using TLS 1.1 or later.]


Happy New Year everyone!


We wanted to take this opportunity to remind you that on July 22, 2017 Salesforce will permanently disable TLS 1.0.


So what exactly does that mean?


TLS stands for Transport Layer Security; commonly known as SSL.  SSL is what helps secure transaction across the vast interwebs. What you may not know is that TLS comes in versions (much like everything software or internet related).


For the longest time TLS was at version 1.0.  However, recent changes and the need for better and higher level security is causing many internet based companies to abandon TLS 1.0 for the more secure versions of TLS 1.1 and higher.


1.  So how does this impact you?

Well, it could impact you in a number of ways.  If you’re an existing Salesforce customer using Salesforce for not only Remedyforce but for managing your Sales and Marketing you may have a number of integration points to external systems.  Those systems need to be able to “talk” to Salesforce over TLS 1.1 on July 22nd or else, they’ll no longer be able to talk to each other.


If you’re a Remedyforce customer and using Pentaho and the version is older or you haven’t updated Java recently, this could also impact you.


In addition to integrations, older Internet Browsers can also be impacted by this change.


2.  Is there an easy way for me to see if I’m impacted?

I’m glad you asked! There is a way to see if you are impacted.


  1. Log into Salesforce.  Navigate to Setup, and in Quick Find type Login History.  Click on Login History.


  1. Under File Contents, click on the drop down and select “TLS 1.0 Logins ONLY”.


  1. Click Download Now to download the corresponding CSV file.


Review the resulting file. This will tell you if you have any incoming connections that are still using TLS 1.0.  If there are connections, you’ll need to research those and get those corrected else on July 22nd, those connections will fail.


3.  So what about Pentaho?

We have been actively testing with Pentaho 6.1 and JRE 1.8 (aka Java).  For the most part, a lot of our Pentaho packages will work; however there are some exceptions.


   a.  Atrium Integrator (On Premise – Bundled with Pentaho 4.1): You will need to make sure that where you have Atrium Integrator running that you have upgraded to JRE 1.8.


   b.  FootPrints Asset Core WebServices Integration Package: Totally unrelated to TLS 1.1, but we did find some issues with this package and Pentaho 6.1.  We have identified these as

       defects in Pentaho and have reported the issues to Hitachi where they are being addressed.  In the meantime, you can run Pentaho 5.1, 5.4, or Pentaho 6 as long as you are

       running JRE 1.8.


4.  What can I do now?

All new Sandboxes have had TLS 1.0 disabled permanently since June 2016 so you can setup your integrations against a Sandbox to verify everything will work.


Another more extreme way to test is that there is a Critical Update (CRUC) available on Production environments that you can enable or disable to do testing as well.


We HIGHLY recommend that you test first against a Sandbox.  If you’re confident everything is working, you can then enable the CRUC in Production (if it’s not enabled already).


5.  Where can I get more information?

Salesforce has been doing a great job providing lots of details.  They are also running a number of webinars over the next week or so.


  • Salesforce disabling TLS 1.0


  • Check out the attached PDF that will allow you to register for one of the upcoming Salesforce webinars.