Transport Layer Security (TLS) in Slack

On February 19, 2020, Slack will discontinue support for Transport Layer Security (TLS) versions 1.0 and 1.1. We're making this change to align with industry best practices for security and data integrity.

After February 19, requests sent to Slack from any service that has not been upgraded to TLS 1.2 will fail. Read on for details about who this change will impact and how to prepare.  

We’re here to help! Reach out to our Support team with questions and we’ll get back to you soon.

What is TLS?

  • TLS is a security protocol designed to ensure privacy and data integrity when two web-based applications send and receive information using encryption and endpoint identity verification.
  • It’s the most widely deployed security protocol used in web browsers and other applications that send data over networks.

 

Who’s impacted?

This change will affect anyone who accesses Slack from an older web browser or a device running an older operating system that is not compatible with TLS version 1.2.

Check your browser or device’s TLS compatibility.

 

Which Slack services are affected?

To continue using Slack without issues after February 19, all customers will need a device with an updated operating system and Slack app, or a supported web browser.

Browsers, operating systems, and Slack apps

The browser, operating system, and Slack app versions listed in our Minimum requirements for using Slack article are all upgraded to support TLS 1.2.

If you’re already connecting to Slack from a compatible browser, device, or app you don’t need to make any changes. If you find that your browser or device is not compatible, you’ll need to update to a supported version to maintain access to Slack after February 19.


Apps and integrations

Apps are software that connect a service or tool to Slack. Many apps are available for anyone to install from the Slack App Directory; others are built by teams for internal use in their Slack workspaces.

We have reached out to all developers with apps listed in the App Directory that need to be upgraded. Any third-party apps installed to your workspace will continue to work as expected as long as the developer makes the changes we’ve suggested.

 

Resources for Owners and Admins

Owners and Admins can view or download a list of affected users and internal apps in your workspace or Enterprise Grid org. This list will refresh daily, and show:

  • Any users who have accessed Slack from an outdated app or browser in the past seven days
  • Any apps not upgraded to TLS 1.2 that have sent requests to or received requests from Slack in the past seven days

Free, Standard, and Plus plans

Enterprise Grid plan

To view your workspace's data, sign in to Slack. Then, follow the steps below:
  1. From your desktop, click your workspace name in the top left.
  2. Select Administration from the menu, then choose Workspace settings.
  3. From the left sidebar, click Support for Transport Layer Security (TLS)
  4. Below Affected Users, you'll find a list of users accessing Slack from non-compliant browsers and devices and their email addresses. Below Affected Integrations, you'll find non-compliant internal apps and integrations as well as contact info for the developer(s).
  5. To download a report, click Download CSV.

Tip: If you're using CSV reports, download a new report each day for the latest information.

To view your data, sign in to Slack. Then, follow the steps below:
  1. From your desktop, click your workspace name in the top left.
  2. Select Administration from the menu, then choose Organization settings.
  3. From the left sidebar, click Security. Then, select Transport Layer Security.
  4. Below Affected Users, you'll find a list of users accessing Slack from non-compliant browsers and devices and their email addresses. Below Affected Integrations, you'll find non-compliant internal apps and integrations as well as contact info for the developer(s).
  5. To download a report, click Download CSV.

Tip:If you're using CSV reports, download a new report each day for the latest information.

 

Resources for developers

Do you own an app? Visit the TLS deprecation page on Slack API to see if your apps or integrations are affected.

To review documentation for upgrading apps to TLS 1.2, visit the Slack API Changelog.

Note: The TLS deprecation resources on Slack API are only available in English.