All you should know about TLS 1.2 and how ServiceNow is moving to it.
Web encryption is changing, and so is the ServiceNow security best practice around privacy and data integrity.
Now in Oct 2019, ServiceNow has also decided to retire1.0 and 1.1 and intends to move all its customers to TLS 1.2. This article will enable you to understand all about TLS and upcoming changes, which may impact integrations.
- Wondering what TLS is?
“Transport Layer Security” is the protocol that allows the handshake of your laptops/smartphones and then to communicate your sensitive information securely over the internet.
- How ServiceNow use TLS?
Anytime users/customers try to access ServiceNow from devices within seconds, this is what is happening to establish a secure session between users and ServiceNow Instance. For example, below lock sign in the URL confirms that the secure session has been established securely between customer and ServiceNow instance.
- What if I change the SSL certificate and not worry about the ServiceNow TLS change?
Certificate & Protocols are two different things, and Certificates are not dependent on protocols. SSL certificate only handles incoming traffic to the server and will not protect any calls that the server may make to other services.
- What is the impact? If I don’t upgrade my integrations?
Any legacy services that currently rely on TLS 1.1 or older versions will no longer be available. If there are custom legacy integrations or customer is using an old browser, then there is a significant impact.
- Finally, how do I prepare myself for this change
ServiceNow (Global Technical Support group) is contacting its customers that are using TLS1.0 or 1.1 and letting them aware of the change. Also, ServiceNow has published the Knowledge article: KB0746078
Written by –
Tribe – Architecture