FAQ: What do I need to know about TLS 1.2 and the ArcGIS Platform?
What do I need to know about TLS 1.2 and the ArcGIS Platform?
Esri is committed to providing strong security for the ArcGIS Platform by using the latest industry standards and best practices for security protocols. To meet these industry expectations, we made an important configuration change to ArcGIS Online in April 2019 that affects ArcGIS software and custom solutions. With this change, we are enforcing the use of TLS (Transport Layer Security) version 1.2 only, and have removed support for earlier TLS versions 1.0 and 1.1.
To help with this change, below is a list of frequently asked questions. Please check back often as we will continually add responses based on your feedback.
If you have a question that we have not addressed below or in other Esri TLS documentation, please visit the TLS space on GeoNet.
What is TLS?
TLS or “Transport Layer Security” is a widely deployed network security protocol. It provides privacy and data integrity between communicating applications over a network. You use TLS whenever accessing ArcGIS Online services, such as basemaps, geoprocessing services, and Living Atlas from ArcGIS Desktop, ArcGIS Enterprise, and other applications. For more information, see the Related Links section below.
Why isn’t Esri enforcing the newest version of TLS, TLS 1.3?
The final TLS 1.3 specification was released in August 2018 and implementations of TLS 1.3 are limited. For example, Microsoft has not yet released TLS 1.3 support for .NET. Industry best practice for production systems is to ensure availability of TLS 1.2.
Is the entire ArcGIS Platform affected?
The majority of the ArcGIS Platform uses TLS in secure web communications. However, different applications have different instructions to ensure continued connectivity to secure web services. For further details, please see the List of Affected Esri Products.
Will my product be impacted by the change to TLS 1.2?
To understand if your product is affected by the implementation of TLS 1.2, please see the List of Affected Esri Products.
Is every product in the ArcGIS Desktop suite (ArcGIS Pro, ArcMap, ArcCatalog, etc.) affected in the same way?
All currently supported versions of ArcGIS Pro require no action. All currently supported versions of ArcGIS Desktop 10.x require version-specific actions. See the Esri TLS Support Page for more information.
If I don't make any updates or install any patches, what is known to not work?
Any application requesting to connect to ArcGIS Online or any web services that use TLS 1.2 only will fail to connect. Examples include, but are not limited to, ArcGIS Online, base maps, geocoding services, ready-to-use routing services, Living Atlas, and so forth.
Will there be any patches released for ArcGIS Enterprise, ArcGIS Server, or Portal for ArcGIS?
No, please refer to the following Technical Article for additional information regarding required steps for your software version and operating system. FAQ: How is ArcGIS Enterprise and its associated software components, ArcGIS Server and Portal for ArcGIS, affected by disabling TLS 1.0 and 1.1?
When will the TLS 1.2 patches be available for all versions of ArcGIS Desktop?
Patches are available for all supported versions of ArcGIS for Desktop, and are available here: ArcGIS Desktop TLS Patch. To get updates about patches and other TLS 1.2 information, please click the subscribe button on the bottom of the Esri Support TLS page.