Marketing Cloud Engagement TLS 1.3 Rollout

In order to align with industry best practices for security and data integrity, Salesforce is in the process of rolling out TLS 1.3 for Marketing Cloud Engagement. This change should be relatively transparent, as in most cases libraries will negotiate for the highest version of TLS protocol. However, there are some older library versions, which default to TLS 1.2 or do not support TLS 1.3. In this situation, TLS 1.2 must be explicitly configured for use.

What is the change?

This change could impact your web browser or API integration connections to the Marketing Cloud, including your ability to log into the Marketing Cloud.

What actions should I take?

No action is required if your TLS handshake library supports TLS 1.3. If your TLS handshake library does not support TLS 1.3, you will need to add a configuration to continue using TLS 1.2.

How am I impacted?

Most libraries should negotiate for the highest version of TLS protocol. However, there are some older library versions, which default to TLS 1.2 or do not support TLS 1.3. In this situation, TLS 1.2 must be explicitly configured for use.

More information on Salesforce TLS Ciphers: Supported TLS Cipher Suites