Stronger security with TLS 1.2 update

Workato is upgrading to TLS 1.2 in order to align with industry best practices for security and data integrity. TLS 1.2 is currently the most widely used version of TLS and makes several security improvements over TLS 1.1. The encryption enhancements in TLS 1.2 allow it to use more secure hash algorithms such as SHA-256, as well as advanced cipher suites that support authenticated encryption for other data modes.

Workato will no longer provide support for products and services that rely on the Transport Layer Security (TLS) 1.1 or lower encryption protocol as of September 15, 2019.

What does this mean for you?

Starting on September 15, 2019, your applications, services, and browsers using the TLS 1.1 encryption protocol will be blocked from accessing Workato services. We are removing support for the deprecated TLS 1.1 encryption protocol on our public endpoints:

  • www.workato.com
  • apim.workato.com

What do you need to do?

  • Ensure you are using a TLS 1.2 compliant version of applications and browsers before September 15, 2019 in order to avoid issues using Workato services.
  • Using non-compliant versions of applications and browsers after September 15, 2019 will result in loss of access to Workato services.

You can test your existing browsers and programmatic clients (e.g. webhook senders, API clients) by substituting the hostname in the URL with a “TLS 1.2 preview” equivalent:

  • www.workato.com → www-tls12.workato.com
  • apim.workato.com → apim-tls12.workato.com
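For a programmatic client, the same substitution can be scripted. The following is an added example, not Workato code: it rewrites a production URL to its preview hostname and reports the protocol version the local Python/OpenSSL stack negotiates with it. The function names are illustrative, and the result only describes the runtime that executes the script; other clients must be pointed at the preview URL themselves.

```python
import socket
import ssl
from urllib.parse import urlsplit, urlunsplit

# Hostname substitutions listed in the notice above.
PREVIEW_HOSTS = {
    "www.workato.com": "www-tls12.workato.com",
    "apim.workato.com": "apim-tls12.workato.com",
}

def to_preview_url(url):
    """Swap a production hostname for its TLS 1.2 preview equivalent."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host not in PREVIEW_HOSTS:
        raise ValueError(f"no TLS 1.2 preview endpoint listed for {host!r}")
    netloc = PREVIEW_HOSTS[host]
    if parts.port:
        netloc += f":{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))

def client_context():
    """Default client context (certificate and hostname checks on), TLS 1.2 floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def negotiated_version(url, timeout=10):
    """Complete a handshake with the URL's host; return e.g. 'TLSv1.2'."""
    parts = urlsplit(url)
    addr = (parts.hostname, parts.port or 443)
    with socket.create_connection(addr, timeout=timeout) as sock:
        with client_context().wrap_socket(sock, server_hostname=parts.hostname) as tls:
            return tls.version()

def check(url):
    """Return (preview_url, passed, detail) for one production URL."""
    preview = to_preview_url(url)
    try:
        version = negotiated_version(preview)
    except (ssl.SSLError, OSError) as exc:
        # Handshake, DNS, or connection failure (e.g. blocked outbound IPs).
        return preview, False, str(exc)
    return preview, version in ("TLSv1.2", "TLSv1.3"), version

if __name__ == "__main__":
    for prod_url in ("https://www.workato.com/", "https://apim.workato.com/"):
        print(check(prod_url))
```

A connection error rather than a handshake error usually points to DNS or outbound filtering, not to the client's TLS support.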

IP Whitelist Users:

The TLS 1.2 preview endpoints resolve to a different set of IP addresses. If you have restricted outbound traffic due to security policies, these three IP addresses must be added to the whitelist for this test:

  • 34.230.137.25
  • 52.54.149.67
  • 54.175.138.22

Single Sign-On (SSO) Users:

If you use Single Sign-On (e.g. Okta, OneLogin, or another provider) to log in to Workato, the `www-tls12.workato.com` address may not work with your SSO provider. This doesn’t affect the testing of TLS 1.2 readiness. If your browser can successfully navigate to the login page using that hostname, the TLS 1.2 test is successful.

What is TLS?

  • TLS stands for “Transport Layer Security” and is a widely deployed security protocol that is used to securely exchange data over a network. Through encryption and endpoint identity verification, TLS ensures that a connection to a remote endpoint reaches the intended endpoint. The versions of TLS, to date, are TLS 1.0, 1.1, 1.2, and 1.3.
  • Workato Web and API connections use TLS as a key component of their security.

Why is TLS 1.1 being deprecated?

Although there are no known exploitable issues, TLS 1.1 is deprecated and no longer supported by many well-known sites like Office 365 and GitHub. Most browsers will disable it in 2020, and standards are beginning to require removal of TLS 1.1 support (e.g. PCI).

What happens after TLS 1.1 is disabled?

  • Any users using non-compliant versions of applications, services, and browsers after TLS 1.1 is disabled will experience issues accessing Workato services.
  • Users on non-compliant Workato applications, services, and browsers will need to manually resolve any issues.
  • Users are required to upgrade their browser to a version that supports TLS 1.2 or higher. Most modern browsers support TLS 1.2 or higher. To determine whether your browser supports TLS 1.2 or higher, go here.
  • Anyone using 3rd-party applications that do not support TLS 1.2 or higher must upgrade those applications.
  • Developers of such 3rd-party applications also must upgrade their applications to support TLS 1.2 or higher.

Please reach out to support@workato.com for help with any issues regarding this TLS 1.1 deprecation.