How to check if your MID Server and Integration Endpoints are compliant with the TLS 1.2 requirementIssue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Beginning with the Utah release, March 2023, ServiceNow MID Server will no longer support TLS 1.1 or below. The instance had already had this restriction some time before. TLS 1.2, TLS 1.3 and newer protocols will not be impacted, and no action is needed. However, if you utilize TLS 1.1 or below, please take a moment to review the below. Here's what you can expect: Beginning with the Now Platform Utah, ServiceNow MID Server will no longer support TLS 1.1, TLS 1.0, SSL or below.All integrations communicating through the MID server with TLS 1.1 or below-supported servers will be restricted out-of-box from the Utah family release and TLS 1.2 will be enabled by default. Note: TLS 1.2 and newer protocols will not be impacted, and no action is needed. Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Utah+ Cause<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Unless a customer's server admin team has explicitly disabled TLS 1.2 in the past, maybe for an internal requirement, this is unlikely to effect your MID Server hosts, as TLS 1.2 support is standard in all major OS. It is however worth checking any integrations which these MIDs are connected to for TLS 1.2 compatibility, as this is more likely to be a failure point. These might be legacy systems, or older network gear, embedded system or appliances. Integration endpoints To check if a service/integration supports TLS 1.2, the following command can be run, replacing "domain.com" with the address of the integration endpoint and 443 with the correct port for the integration: openssl s_client -connect domain.com:443 -tls1_2 If you get the certificate chain and the handshake you know the service or integration in question supports TLS 1.2. If you see don't see the certificate chain, and something similar to "handshake error" you know it does not support TLS 1.2. (You can also test for TLS 1 or TLS 1.1 with -tls1 or tls1_1 respectively.) Linux MID Server host machines To check if the host machine running your Linux MID supports TLS 1.2, the following command can be ran to Google as a test address: openssl s_client -connect google.com:443 -tls1_2 If you get the certificate chain and the handshake you know the system in question supports TLS 1.2. If you see don't see the certificate chain, and something similar to "handshake error" you know it does not support TLS 1.2. Windows MID Server host machines To check if the host machine running your Windows MID supports TLS 1.2, please share the following Microsoft article with your POC for the server: Checking TLS version via registry entrieshttps://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings#tls-dtls-and-ssl-protocol-version-settings They will be able to follow the steps referenced and check the registry for the TLS version the machine has enabled. MID JDK Parameter One final check which can be made is for the jre/lib/security/java.security file in the MID agent folder. This should only be checked if your team are applying changes to this file after every patch upgrade currently, as this file is overwritten during the upgrade process. jdk.tls.disabledAlgorithms=TLSv1.2 If the version included in this parameter is TLSv1.2 as above, then this should be removed going forward to allow for TLS 1.2 version on the MID.