(How to) Enable TLS 1.3 as the default protocol in an instance?

pparra
Tera Contributor

Dear people:

 

A financial customer is asking to enable TLS 1.3 as the default protocol to have an integration with other parties, internal and external. I've been checking the documentation and community forum, but I didn't find a possible solution. Is it possible in a ServiceNow instance? If yes, how can this be achieved?

1 ACCEPTED SOLUTION

Dipu Joy
ServiceNow Employee

> We do support TLS 1.3, however, it is not enabled by default in Customers' instances
> If a customer would like to use TLS 1.3, ServiceNow can enable that for the customer (Please raise a new case requesting that)
> When TLS 1.3 is enabled, ServiceNow will still continue to use TLS 1.2 as well (ServiceNow is unable to set TLS 1.3 as the default TLS)
> Enabling TLS v1.3 is transparent. If an application is not able to establish TLS v1.3, it will fall back to TLS v1.2 automatically.
> The TLS will be enabled at the cluster level. So all the instances will have the TLS version 1.3 when updated. This cannot be done to a specific instance
> As this is an infrastructure feature, there is no document about it.

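Added example for this thread (not ServiceNow's own tooling, and not part of the accepted answer): a small Python probe that checks, from the integration client's side, which of the two protocol versions discussed above an instance actually accepts. It pins one handshake to TLS 1.3 only and one to TLS 1.2 only, so each success proves that exact version is accepted rather than silently falling back, and a third handshake with the platform default context shows what an unconstrained modern client ends up negotiating. The host name `example.service-now.com` is a placeholder and the verdict labels are this example's own naming, not ServiceNow terminology.

```python
"""Probe which TLS protocol versions an HTTPS endpoint (e.g. a ServiceNow
instance) negotiates, from the integration client's side.

Added example for this thread, not ServiceNow's own tooling.  The host name
used in __main__ is a placeholder (assumption), not a real instance.
"""
import socket
import ssl
from typing import Dict, Optional

# The two versions discussed in the thread: TLS 1.3 (opt-in, enabled per
# cluster on request) and TLS 1.2 (still accepted as the fallback).
PINNED = {
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
    "TLS 1.3": ssl.TLSVersion.TLSv1_3,
}


def pinned_context(version: ssl.TLSVersion) -> ssl.SSLContext:
    """Client context that offers exactly one protocol version, so a successful
    handshake proves the server accepts that version (no silent fallback)."""
    ctx = ssl.create_default_context()  # verifies the server cert and hostname
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def handshake(host: str, port: int, ctx: ssl.SSLContext, timeout: float) -> Optional[str]:
    """Return the negotiated version string (e.g. 'TLSv1.3'), or None if the
    server refused the handshake (typically a protocol_version alert) or the
    connection failed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except (ssl.SSLError, OSError):
        return None


def probe(host: str, port: int = 443, timeout: float = 5.0) -> Dict[str, Optional[str]]:
    """One pinned handshake per version, plus one with the default client
    context to see what an unconstrained modern client negotiates."""
    results = {label: handshake(host, port, pinned_context(v), timeout)
               for label, v in PINNED.items()}
    results["default"] = handshake(host, port, ssl.create_default_context(), timeout)
    return results


def verdict(results: Dict[str, Optional[str]]) -> str:
    """Classify the pinned results into the states described in the thread.
    The label strings are this example's own naming."""
    has13 = results.get("TLS 1.3") == "TLSv1.3"
    has12 = results.get("TLS 1.2") == "TLSv1.2"
    if has13 and has12:
        return "tls13-enabled-with-tls12-fallback"  # the state ServiceNow describes
    if has13:
        return "tls13-only"          # TLS 1.2-only clients would fail here
    if has12:
        return "tls13-not-enabled"   # raise a case with ServiceNow to enable it
    return "no-tls12-or-tls13"


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.service-now.com"  # placeholder
    r = probe(host)
    for label, negotiated in r.items():
        print(f"{label:>8}: {negotiated or 'handshake refused'}")
    print("verdict:", verdict(r))
```

Run it against the instance before and after the support case is closed: the expected change is the "TLS 1.3" row going from "handshake refused" to "TLSv1.3" while the "TLS 1.2" row stays "TLSv1.2", which is the cluster-wide "1.3 with 1.2 fallback" state the answer describes. The "default" row is the practical check of the "transparent" claim: a client built on a current TLS stack should now show TLSv1.3 without any change on the client side.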

3 REPLIES


@Dipu Joy From ServiceNow's perspective, is there any reason not to ask to have this enabled? If 1.3 is being used and 1.2 is the fallback, wouldn't it be good to have that enabled for sending outbound data? I am thinking of emails in this case.

I second @2mustang's ask: TLS 1.3 should be standard for interfaces, APIs and integrations, with fallback to TLS 1.2. This would support a first step in post-quantum migration.