FAQ: What do I need to know about TLS 1.2 and the ArcGIS Platform?



Esri is committed to providing strong security for the ArcGIS Platform by using the latest industry standards and best practices for security protocols. To meet these industry expectations, we are making an important configuration change to ArcGIS Online in April 2019 that is likely to affect all ArcGIS software and custom solutions. With this change, we are enforcing the use of TLS (Transport Layer Security) version 1.2 only and will remove support for earlier TLS versions 1.0 and 1.1.     

To help you plan for this change, below is a list of frequently asked questions. Please check back often as we will continually add responses based on your feedback.

If you have a question that we have not addressed below or in other Esri TLS documentation, please visit the TLS space on GeoNet. 

  1. What is TLS?  
    TLS or “Transport Layer Security” is a widely deployed network security protocol. It provides privacy and data integrity between communicating applications over a network. You use TLS whenever accessing ArcGIS Online services, such as basemaps, geoprocessing services, and Living Atlas from ArcGIS Desktop, ArcGIS Enterprise, and other applications. For more information, see the Related Links section below. 

  2. Why isn’t Esri enforcing the newest version of TLS, TLS 1.3?  
    The final TLS 1.3 specification was released in August 2018 and implementations of TLS 1.3 are limited. For example, Microsoft has not yet released TLS 1.3 support for .NET. Industry best practice for production systems is to ensure availability of TLS 1.2. 

  3. Is the entire ArcGIS Platform affected? 
    The majority of the ArcGIS Platform uses TLS in secure web communications. However, different applications have different instructions to ensure continued connectivity to secure web services. For further details, please see the List of Affected Esri Products.

  4. Will my product be impacted by the change to TLS 1.2?  
    To understand if your product is affected by the implementation of TLS 1.2, please see the List of Affected Esri Products.

  5. Is every product in the ArcGIS Desktop suite (ArcGIS Pro, ArcMap, ArcCatalog, etc.) affected in the same way? 
    All currently supported versions of ArcGIS Pro require no action. All currently supported versions of ArcGIS Desktop 10.x require version-specific actions. See the Esri TLS Support Page for more information. 

  6. If I don't make any updates or install any patches, what is known to not work? 
    Without the updates, any application that requests a connection to ArcGIS Online, or to any web service that uses TLS 1.2 only, will fail to connect. Examples include, but are not limited to, ArcGIS Online, basemaps, geocoding services, ready-to-use routing services, and Living Atlas.


  7. What are the changes necessary for web apps built using the ArcGIS API for JavaScript?
    The ArcGIS API for JavaScript is not impacted by Esri’s implementation of TLS 1.2. We will soon list the API under “Unaffected Software Products” on Esri’s list of products affected by TLS 1.2 and in other documentation, as well.  


  8. Is there or will there be a test site that uses only TLS 1.2 that we can verify functionality against before the actual switch is done?
    Yes. Esri posted a series of resources to help you test TLS 1.2 connections to ArcGIS Online in this article. Esri will add more tests to this page as soon as they are made available.

  9. Will there be any patches released for ArcGIS Enterprise, ArcGIS Server, or Portal for ArcGIS?
    No. Please refer to the following technical article for the required steps for your software version and operating system: "FAQ: How is ArcGIS Enterprise and its associated software components, ArcGIS Server and Portal for ArcGIS, affected by disabling TLS 1.0 and 1.1?"

  10. When will the TLS 1.2 patches be available for all versions of ArcGIS Desktop?
    At the time of writing, the patches for ArcGIS for Desktop 10.2.1, 10.4, 10.4.1, 10.5.1, and 10.6.1 are available here: ArcGIS Desktop TLS Patch. For all other versions, Esri will release patches when available. To get updates about patches and other TLS 1.2 information, please click the subscribe button at the bottom of the Esri Support TLS page.

  11. Will there be additional information provided as the estimated April 2019 TLS 1.2 implementation approaches? 

    UPDATE: Due to the partial shutdown of the U.S. federal government, Esri has postponed the TLS 1.2 implementation to April 16, 2019. Please read this announcement for more information. As we near the implementation, Esri will continually update TLS 1.2 documentation, including any date changes, solutions, patches, testing environments, and more. To be notified when new information is available, please click the subscribe button on the Esri Support TLS page or on any TLS technical article. 

Related Information