SAP SuccessFactors Learning will be upgrading to the latest SAP JVM in all Datacenters with the 2H 2021 Release (b2111).
Dates for the deployment are
- Preview Environment : October 15, 2021
- Non-Preview (Environment) : November 19, 2021
As a result, only TLS 1.2 and TLS 1.3 encryption protocols will be supported for all outbound connections.
Note: Since this feature is going out for 2H 2021 (b2111) Release, (VSaaS) Validated Customers would not be impacted until they receive the upgrade next year (2022). Release dates will be updated in the community.
SAP SuccessFactors Learning Management System, LMS
SAP SuccessFactors Learning will not support TLS 1.0 and TLS 1.1 for all outbound connections, to align with industry best practices for security and data integrity.
SAP SuccessFactors will be upgrading to the latest SAP JVM in the Non-Production environments for all Datacenters on October 15, 2021 , and on November 19, 2021 in the Production environments. As a result, TLS 1.0 and TLS 1.1 encryption protocols will be disabled by default and will not be supported for all outbound connections.
Action is required before this date to prevent any disruption to your Non- Production and Production instances.
This Knowledge Base Article contains all of the information currently available on SAP SuccessFactors not supporting TLS 1.0 and 1.1 encryption protocols for all OUTBOUND connections. Please review the document for guidance on preparing for this change.
Table of Contents
- What is TLS?
- What is the change?
- How will customers be impacted?
- Why is this happening?
- How can customers avoid being negatively impacted?
- How and when will SuccessFactors implement the change?
What is TLS?
TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today, and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification.
Almost all communication between SuccessFactors products (LMS) and customer end points and vendor integrations is through HTTP/web protected by encryption using one version of TLS or another. STARTTLS SMTP (e-mail) also use TLS as a key component of their security.
SuccessFactors’ servers support several versions of the TLS protocol, TLS 1.2 and 1.3. At the start of communication (handshaking phase), SuccessFactors’ server and external vendors exchange their supported TLS versions and choose the highest version they both support to carry out the rest of the communication.
TLS 1.0 and 1.1 has been found weak in protection especially when combined with weak ciphers. The prevailing best security practice is to remove TLS 1.0 and 1.1 support all together. They have been superseded by more secure and modern versions (TLS 1.2 and 1.3).
SAP SuccessFactors Learning will be upgrading to the latest SAP JVM in the Non-Production environments for all Datacenters on October 15, 2021 , and on November 19, 2021 in the Production environments. As a result, TLS 1.0 and TLS 1.1 encryption protocols will be disabled by default and will not be supported for all outbound connections
After SAP SuccessFactors Learning upgrades to the latest SAP JVM, any outbound connections from SuccessFactors LMS that rely on TLS 1.0 and 1.1 will fail.
Customers must check with their vendors regarding external vendor integrations to ensure that they are compatible with TLS 1.2 or TLS 1.3. Examples of external vendor integrations include but are not limited to the below
|Areas with Outbound Connections||Potential Impact|
|Connectors & Report Export (Standard)||No|
|Connectors & Report Export (Custom SFTP)||Yes, please check with the SFTP Vendor (Internal IT Team)|
|E-mail (Custom SMTP)||Yes, please check with the SMTP Vendor (Internal IT Team)|
|CrossDomain||Check with your Internal IT Team|
|Gamification||Please check with your gamification service provider|
Open Content Network (OCN)
|Please check with your OCN service provider|
|LearnFit / Leonardo Recommendation||No|
|PayPal Payment Gateway||No|
|VLS (Adobe, WebEx, Zoom, Skype, Teams)||No|
The action required by your organization will depend on which channels are used to access your SuccessFactors Learning. Please check the relevant topics above to be directed to the required actions pages(s).
At SuccessFactors, Trust is our #1 value and SAP SuccessFactors is focused on continually helping our customers improve their security by using the latest security protocols. SuccessFactors Learning will require TLS 1.2 and later encryption protocol in an effort to maintain the highest security standards and promote the safety of customer data.
SAP SuccessFactors Learning will be upgrading to the latest SAP JVM in the Non-Production environments for all Datacenters on October 15, 2021 , and on November 19, 2021 in the Production environments. As a result, only TLS 1.2 and TLS 1.3 encryption protocols will be supported for all outbound connections.
SuccessFactors LMS, Learning Management System, TLS 1.0 disablement, TLS 1.1 disablement, TLS encryption protocol disablement, encryption protocol disablement for outbound connection , KBA , LOD-SF-LMS , Learning Management System , Product Enhancement