Transport Layer Security (TLS) in Slack

On 19 February 2020, Slack will discontinue support for Transport Layer Security (TLS) versions 1.0 and 1.1. We're making this change to align with industry best practices for security and data integrity.

After 19 February, requests sent to Slack from any service that has not been upgraded to TLS 1.2 will fail. Read on for details about who this change will affect and how to prepare.  

We’re here to help! Reach out to our Support team with questions and we’ll get back to you soon.

What is TLS?

  • TLS is a security protocol designed to guarantee privacy and data integrity when two web-based applications send and receive information using encryption and endpoint identity verification.
  • It’s the most widely deployed security protocol used in web browsers and other applications that send data over networks.

 

Who’s affected?

This change will affect anyone who accesses Slack from an older web browser or a device running an older operating system that is not compatible with TLS version 1.2.

Check your browser or device’s TLS compatibility.

 

Which Slack services are affected?

To continue using Slack without issues after 19 February, all customers will need a device with an updated operating system and Slack app or a supported web browser.

Browsers, operating systems and Slack apps

The browser, operating system and Slack app versions listed in our Minimum requirements for using Slack article are all upgraded to support TLS 1.2.

If you’re already connecting to Slack from a compatible browser, device or app you don’t need to make any changes. If you find that your browser or device is not compatible, you’ll need to update to a supported version to maintain access to Slack after 19 February.


Apps and integrations

Apps are software that connect a service or tool to Slack. Many apps are available for anyone to install from the Slack App Directory; others are built by teams for internal use in their Slack workspaces.

We have reached out to all developers with apps listed in the App Directory that need to be upgraded. Any third-party apps installed to your workspace will continue to work as expected as long as the developer makes the changes we’ve suggested.

 

Resources for Owners and Admins

Owners and Admins can view or download a list of affected users and internal apps in your workspace or Enterprise Grid org. This list will refresh daily and show:

  • Any users who have accessed Slack from an outdated app or browser in the past seven days
  • Any apps not upgraded to TLS 1.2 that have sent requests to or received requests from Slack in the past seven days

Free, Standard and Plus subscriptions

Enterprise Grid subscription

To view your workspace's data, sign in to Slack. Then, follow the steps below:
  1. From your desktop, click your workspace name in the top left.
  2. Select Administration from the menu, then choose Workspace settings.
  3. From the left sidebar, click TLS Deprecation.
  4. Below Affected Users, you'll find a list of users accessing Slack from non-compliant browsers and devices and their email addresses. Below Affected Integrations, you'll find non-compliant internal apps and integrations as well as contact info for the developer(s).
  5. To download a report, click Download CSV.

Tip: if you're using CSV reports, download a new report each day for the latest information.

To view your data, sign in to Slack. Then, follow the steps below:
  1. From your desktop, click your workspace name in the top left.
  2. Select Administration from the menu, then choose Organisation settings.
  3. From the left sidebar, click Security. Then, select TLS Deprecation.
  4. Below Affected Users, you'll find a list of users accessing Slack from non-compliant browsers and devices and their email addresses. Below Affected Integrations, you'll find non-compliant internal apps and integrations as well as contact info for the developer(s).
  5. To download a report, click Download CSV.

Tip:if you're using CSV reports, download a new report each day for the latest information.

 

Resources for developers

Do you own an app? Visit the TLS deprecation page on Slack API to see if your apps or integrations are affected.

To review documentation for upgrading apps to TLS 1.2, visit the Slack API Changelog.

Note: the TLS deprecation resources on Slack API are only available in English.