SAP Knowledge Base Article - Public

3091177 - TLS 1.0 and TLS 1.1 Encryption protocols deprecation for SAP SuccessFactors Learning Outbound connections [LMS b2111]

Symptom

SAP SuccessFactors Learning will be upgrading to the latest SAP JVM in all Datacenters with the 2H 2021 Release (b2111).

Dates for the deployment are

  1. Preview Environment : October 15, 2021
  2. Non-Preview (Environment) : November 19, 2021

As a result, only TLS 1.2 and TLS 1.3 encryption protocols will be supported for all outbound connections.

Note: Since this feature is going out for 2H 2021 (b2111) Release, (VSaaS) Validated Customers would not be impacted until they receive the upgrade next year (2022). Release dates will be updated in the community.

Environment

SAP SuccessFactors Learning Management System, LMS

Resolution

SAP SuccessFactors Learning will not support TLS 1.0 and TLS 1.1 for all outbound connections, to align with industry best practices for security and data integrity.

SAP SuccessFactors will be upgrading to the latest SAP JVM in the Non-Production environments for all Datacenters on October 15, 2021 , and on November 19, 2021 in the Production environments. As a result, TLS 1.0 and TLS 1.1 encryption protocols  will be disabled by default and will not be supported for all outbound connections.

Action is required before this date to prevent any disruption to your Non- Production and Production instances.

This Knowledge Base Article contains all of the information currently available on SAP SuccessFactors not supporting TLS 1.0 and 1.1 encryption protocols for all OUTBOUND connections. Please review the document for guidance on preparing for this change.

Table of Contents

What is TLS?

TLS stands for “Transport Layer Security.” It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today, and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification.

Almost all communication between SuccessFactors products (LMS) and customer end points and vendor integrations is through HTTP/web protected by encryption using one version of TLS or another. STARTTLS SMTP (e-mail) also use TLS as a key component of their security.

SuccessFactors’ servers support several versions of the TLS protocol, TLS 1.2 and 1.3.  At the start of communication (handshaking phase), SuccessFactors’ server and external vendors exchange their supported TLS versions and choose the highest version they both support to carry out the rest of the communication.

TLS 1.0 and 1.1 has been found weak in protection especially when combined with weak ciphers. The prevailing best security practice is to remove TLS  1.0 and 1.1 support all together. They have been superseded by more secure and modern versions (TLS 1.2 and 1.3).



What is the change? 

SAP SuccessFactors Learning will be upgrading to the latest SAP JVM in the Non-Production environments for all Datacenters on October 15, 2021 , and on November 19, 2021 in the Production environments. As a result, TLS 1.0 and TLS 1.1 encryption protocols will be disabled by default and will not be supported for all outbound connections

How will customers be impacted?

After SAP SuccessFactors Learning upgrades to the latest SAP JVM, any outbound connections from SuccessFactors LMS that rely on TLS 1.0 and 1.1 will fail.

Customers must check with their vendors regarding external vendor integrations to ensure that they are compatible with TLS 1.2 or TLS 1.3.  Examples of external vendor integrations include but are not limited to the below

Areas with Outbound Connections Potential Impact
Connectors & Report Export (Standard) No
Connectors & Report Export (Custom SFTP) Yes, please check with the SFTP Vendor (Internal IT Team)
E-mail (Standard) No
E-mail (Custom SMTP) Yes, please check with the SMTP Vendor (Internal IT Team)
CrossDomain Check with your Internal IT Team
Gamification Please check with your gamification service provider

Open Content Network (OCN)

Please check with your OCN service provider
JAM Integration No
SkillSoft No
BizX Integration No
LearnFit / Leonardo Recommendation No
Hybris No
PayPal Payment Gateway No
KBA Search No
iContent No
VLS (Adobe, WebEx, Zoom, Skype, Teams) No

How can customers avoid a service disruption?

The action required by your organization will depend on which channels are used to access your SuccessFactors Learning. Please check the relevant topics above to be directed to the required actions pages(s).

Why is this happening?

At SuccessFactors, Trust is our #1 value and SAP SuccessFactors is focused on continually helping our customers improve their security by using the latest security protocols. SuccessFactors Learning will require TLS 1.2 and later encryption protocol in an effort to maintain the highest security standards and promote the safety of customer data.

How and when will SuccessFactors implement the change?

SAP SuccessFactors Learning will be upgrading to the latest SAP JVM in the Non-Production environments for all Datacenters on October 15, 2021 , and on November 19, 2021 in the Production environments. As a result, only TLS 1.2 and TLS 1.3 encryption protocols will be supported for all outbound connections.

See Also

 KBA 2861289 - TLS 1.1 encryption protocol disablement for SAP SuccessFactors

Keywords

SuccessFactors LMS, Learning Management System, TLS 1.0 disablement, TLS 1.1 disablement, TLS encryption protocol disablement, encryption protocol disablement for outbound connection , KBA , LOD-SF-LMS , Learning Management System , Product Enhancement

Product

SAP SuccessFactors Learning all versions