Share This:

Salesforce is requiring an upgrade to TLS 1.2 by September/October 2019 in order to align with industry best practices for security and data integrity.


Details can be found here:


Many of you may remember a few years ago when Salesforce disabled TLS 1.0; this is a similar action, but now applies to TLS 1.1.  Current versions of TLS are now 1.2 and 1.3.


Below are a few points; however, we encourage you to check out the link mentioned above for more specific details.


How will customers be impacted?

After Salesforce disables TLS 1.1, any inbound connections to or outbound connections from your Salesforce org that rely on TLS 1.1 will fail.  This will impact a number of Salesforce services, including access to websites including Salesforce Communities, Customer and Partner portals, and


How and when will Salesforce implement the change?

The timeframs for disabling the use of TLS 1.1 in your Salesforce environment can be found below.  Each listed service must be compatible with TLS 1.2 or later by the dates indicated.


ServiceTLS 1.1 Disablement Schedule

June 2019

New production orgs created with Salesforce Summer '19 or later

TLS 1.1 is disabled by default.


New production orgs created with Summer '19* or later will have the "Require TLS 1.2 or higher for HTTPS connections" Critical Update Console (CRUC) setting auto-enabled.  This will disable TLS 1.1 by default.


*June 2019

September 20, 2019

Existing Sandbox Ogs

September 20, 2019, TBD PDT (UTC)


All existing sandbox orgs - whether existing, refreshed, or new - will have TLS 1.1 automatically disabled and will required TLS 1.2 or later in HTTPS connections to or from the sandbox org. 

October 25, 2019

Existing Production Orgs

All existing production orgs will have TLS 1.1 automatically disabled and will require TLS 1.2 or later in HTTPS connections to or from the production org.