|April 26, 2018||June 14, 2018||June 13, 2018|
Zendesk support for TLS versions 1.0 and 1.1 is being discontinued on June 13, 2018.
Customers and integrations that connect to Zendesk products need to upgrade to TLS 1.2 or later. This includes agent browsers and web application environments such as Node.js that are hosting integrations.
Zendesk relies on HTTPS and the Transport Layer Security (TLS) protocol to encrypt connections to Zendesk products. To ensure system security and maintain compliance with the PCI Data Security Standard (PCI DSS) Zendesk is updating its product suite to require TLS 1.2 or higher for all connections.
This article covers the following topics:
- What does this mean?
- Why is Zendesk removing this?
- Am I affected?
- What do I need to do?
- What browsers do I need to use?
- What happens if I didn't migrate before the removal date?
- Who should I contact if I need help or have questions?
Zendesk will stop accepting TLS 1.0 and TLS 1.1 based connections beginning June 13, 2018. Browsers, scripts, and web applications using TLS 1.0 or 1.1 will not be able to connect.
Between the announcement and discontinuing, Zendesk will not make any feature enhancements to connections supporting TLS versions 1.0 and 1.1 but will continue to make minor bug and security fixes at our discretion.
After discontinuing, Zendesk will no longer address bugs and issues specific to TLS 1.0 and TLS 1.1 connections. We will continue to resolve any major breakage in functionality until the discontinuation date. After discontinuing, Zendesk will not provide support for TLS versions 1.0 and 1.1 connections.
After the discontinuation date, connections attempting to use TLS versions 1.0 and 1.1 will fail and you will be unable to access Zendesk products.
To ensure the security of our systems, it is important to only support modern security standards. This has been reiterated by the PCI Council. They have mandated that support for version 1.0 of the TLS cryptographic standard should be deprecated by June 30, 2018 for companies to stay compliant with the PCI Data Security Standard (PCI DSS).
For more details, see the Zendesk End of Life policy, How much notice will Zendesk give for feature deprecations.
All Zendesk products, including calls to Zendesk APIs, are impacted by this change.
- Android Support Mobile SDK: The latest version of the Support SDK (2.0.0) will work without issue on Android 4.1 and later. Previous versions of the SDK will work without issue on Android 5.0 and later, but will fail to make any connections on any earlier versions of Android. We recommend upgrading your app to Support SDK 2.0 as soon as possible.
- Visitor traffic from IE 10 and below will no longer load the Chat widget, including custom widgets using the Web SDK
- Visitor traffic from Android Browser on Android 4.4.4 and below will no longer load the Chat widget, including custom widgets using the Web SDK
Using the Chrome browser on same the devices will load the Chat widget and Web SDK
- Android Mobile App: New minimum supported Android OS version is 4.1 (previously 4.0.1-4.0.4) for the Zendesk Chat Android app
- Android Chat Mobile SDK: Apps using the Android Chat SDK will not be able to make chat connections for devices below version 5.0.
- Agent logins to the Message dashboard will no longer work if IE 10 and below is used
- Any web application calling Zendesk APIs and attempting to make a connection using TLS 1.0 or 1.1 will no longer work
For your agents: Be sure that they are running on a modern browser, such as Internet Explorer 11, Mozilla Firefox 27, Google Chrome 30, or Apple Safari 7 or newer. If any agents are not using one of these browser versions or newer, they will need to update.
For your customers: Know that they will be able unable to connect to your Zendesk if they are using older browsers. They will need to be using a current browser, such as Internet Explorer 11, Mozilla Firefox 27, Google Chrome 30, or Apple Safari 7 or newer. Mobile versions of Zendesk will also fail to connect securely on Android OS version 4.1 and below, or the Android Browser on Android 4.4.4 and below. Customer's with iOS devices prior to iOS 5.1 will also be unable to connect to Zendesk. Customers should update the version of mobile operating systems to gain support for TLS 1.2 or use a more modern browser with support for TLS 1.2.
For your web applications: Make sure your environment (such as Node.js) is making connections to Zendesk using TLS 1.2 or higher.
|Internet Explorer||Edge||Firefox||Chrome||Safari||iOS Safari||Opera Mini||Chrome for Android||UC Browser for Android||Samsung Internet|
You will be unable to access Zendesk products beginning June 13, 2018.
You may receive errors such as "Unknown SSL protocol error in connection", "The request was aborted: Could not create SSL/TLS secure channel", "ECONNRESET", "ERROR CONNECTION RESET", "SocketException", "Connection was forceably closed by host", "EPROTO", ....
Please contact email@example.com with any additional questions.