Important Updates for the ArcGIS Platform and Transport Layer Security (TLS) Protocol Support
Esri is committed to building and providing strong security for the ArcGIS Platform and helping our customers by using the latest security protocols. We strive to implement the highest industry standards, including TLS for data integrity and network security.
To meet these standards, Esri is making configuration information available and, where necessary, providing software updates across the ArcGIS platform to support TLS 1.2. As part of improving ArcGIS Online security, Esri is planning to require TLS 1.2 connections for ArcGIS Online services starting on April 16, 2019. Action will be required prior to this change to ensure continued access to these ArcGIS Online services.
What is TLS?
TLS or “Transport Layer Security” is a widely deployed network security protocol. It provides privacy and data integrity between communicating applications over a network. You use TLS whenever accessing ArcGIS Online services, such as basemaps, geoprocessing services, and the Living Atlas, from ArcGIS Desktop, ArcGIS Enterprise, and other applications.
How is the ArcGIS Platform affected?
The ArcGIS Platform uses the TLS protocol as a key component of its security for web and service API connections. This includes connections between our software, such as ArcGIS Desktop and ArcGIS Enterprise, with ArcGIS Online. ArcGIS Online currently supports connections using TLS versions 1.0, 1.1, and 1.2. After April 16, 2019, ArcGIS Online services will only accept connections using TLS 1.2.
Some software, like ArcGIS Pro, are already TLS 1.2 enabled. Other Esri software, such as ArcGIS Desktop, uses TLS 1.0—this software requires a patch or configuration change to support TLS 1.2 connections. Esri is releasing patches and instructions to update existing software to support these connections. A list of affected products is available on the Esri Software Products Affected by TLS 1.2 Implementation page.
Am I affected by the move to TLS 1.2?
TLS is part of the low-level internet security infrastructure and is generally transparent until an organization enforces higher levels of network security – usually by disabling the older vulnerable versions of TLS and SSL. Current IT best practice is to begin moving to TLS 1.2 for better network transport security. How might you be affected?
- Do your workflows require access to ArcGIS Online basemaps, story maps, the Living Atlas, hosted items, or other ArcGIS Online services? If they do, software you use that access ArcGIS Online will need to support TLS 1.2 connections to those services starting on April 16, 2019.
- Do you host a GIS portal with ArcGIS Enterprise that connects to ArcGIS Online? If you do, then you need to make sure your ArcGIS Enterprise deployment, including ArcGIS Servers and Portal for ArcGIS, is updated to support TLS 1.2 connections to ArcGIS Online starting on April 16, 2019.
- Do you utilize ArcGIS applications or third-party applications built on ArcGIS Runtimes that access ArcGIS Online from your desktop or mobile devices? If you do, you need to make sure those applications and device operating system configurations support TLS 1.2 connections to ArcGIS Online starting on April 16, 2019.
- Have you built any custom applications that access ArcGIS Online? If you have, you need to make sure those applications and device operating system configurations support TLS 1.2 connections to ArcGIS Online starting on April 16, 2019.
- Is your organization raising their network security requirements to require TLS 1.2 or higher and disabling older TLS and SSL versions? If they are, you will need to ensure your software and operating system environments are updated to support your new internal IT requirements by supporting TLS 1.2.
The resources below will help you determine if you need to take any action to update your software or operating system configurations to support TLS 1.2 with the ArcGIS family of products.
What are my next steps?
Look up your product or products on this page to determine if you use Esri software that will be impacted - Esri Software Products Affected by TLS 1.2 Implementation
Esri software that requires action includes ArcGIS Desktop, applications built on and extending ArcGIS Desktop, ArcGIS Enterprise, applications built with ArcGIS Engine (ArcObjects), and partner extensions that access ArcGIS Online services.
- If your applications are affected, you must take action for continued access. The product pages linked below provide more information about the options for enabling TLS 1.2 connections.
Do you have more questions about ArcGIS Online's implementation of TLS 1.2 and how this affects the ArcGIS Platform? To ask a question or see a list of frequently asked questions, please refer to the TLS 1.2 FAQ technical article.
- Esri Software Products Affected by TLS 1.2 Implementation
- How To: Test ArcGIS TLS 1.2 connections to ArcGIS Online
- Transport Layer Security - Wikipedia
- ArcGIS Platform SSL/TLS Support and Configuration Briefing - Esri Software Security & Privacy Team
- Transport Layer Security (TLS) best practices with the .NET Framework - Microsoft
- Reminder! Immediate Action Required - ArcGIS Security Update - Esri email (Jan. 22, 2019)
This page will be updated as more information becomes available. Subscribe here to receive update notifications.
This page was last modified on March 4, 2019.