Coupa will soon be disabling the TLS 1.0 encryption protocol. TLS 1.0 is used to connect to supplier's punchout catalogs and send and receive cXML POs and invoices. Additionally, IE9 and IE10 may need to reconfigured to support this change.
To ensure that there is no disruption in service, please review the deployment dates:
TLS 1.0 Deprecation Schedule
|Region||Sandbox Dates||Production Dates|
|APAC||Mar 17, 2019, 6:00pm - 9:00pm PST||Apr 7, 2019, 6:00pm - 9:00pm PST|
|EU||Mar 17, 2019, 6:00pm - 9:00pm PST||Apr 7, 2019, 6:00pm - 9:00pm PST|
|US||Mar 24, 2019, 6:00pm - 9:00pm PST||Apr 21, 2019, 6:00pm - 9:00pm PST|
Frequently Asked Questions
Why is Coupa disabling TLS 1.0?
TLS 1.0 is no longer considered strong cryptography. This disablement is taking place so we can maintain the highest security standards and promote the safety of your data as well as align with industry-wide best practices.
What does this mean for you?
You need to make sure all your current punchout and cXML suppliers support TLS protocols higher than TLS v1.0. There will also be a scheduled downtime on these days where your instance won’t be available.
What action do you need to take?
Older versions of Internet Explorer may need to be configured to support the change. See Enabling TLS 1.1 and 1.2 for IE9 and IE10 for more info.
All Integrations that access Coupa will have to support TLS 1.x following this change. Please take the opportunity prior to the migration to validate your active integration in the Coupa sandbox environment.
- API Integrations: applications accessing Coupa through the REST API will have to insure that TLS 1.x is enabled to be used for API communication with Coupa. Please validate any integrations accessing the Coupa REST API in your sandbox environment, prior to the time of migration.
- Supplier Integrations: cXML PunchOut / Purchase Order/ Invoice Integrations being received from suppliers and other external vendors will have to be sent using TLS 1.x
- Coupa Flat File (SFTP) Integrations: no changes are required for applications that currently send or retrieve data from the Coupa SFTP sites. SFTP is not vulnerable to a POODLE attack.
To test any outbound connections:
- Log into your test environment where your supplier punchout sites are configured.
- Change the configuration in each supplier punchout site to
- Test the punchout site. If you are able to enter the punchout site successfully and bring a cart back into Coupa then that supplier is compliant with our upcoming change. If it does not work, change the configuration to
- Test the punchout site again. If you are able to enter the punchout site successfully and bring a cart back into Coupa then that supplier is compliant with our upcoming change. If it does not work, then the supplier will not be compliant with our change. If this is the case, we strongly recommend you contact this supplier to understand their plan to support these higher versions of data security.
If a supplier plans to support these higher versions of TLS security at a later date than our deprecation, we will need written sign-off from you that you accept any data security risk.
Does supplier integration include punchouts?
Will there be any impact on EDI integrations via Boomi?
Is there anything else needed to be done for TLS settings in Chrome?
No, Chrome and Firefox both support newer versions of TLS. Internet Explorer also supports newer versions, but may need to be configured. See Enabling TLS 1.1 and 1.2 for IE9 and IE10 for more info.
How will this effect suppliers who invoice through CSP or ASN?
Shouldn't affect the functionality as CSP has already been updated to support TLS 1.1 and TLS 1.2.
Will TLS 1.1 and TLS 1.2 be supported?
Our servers will continue to support TLS 1.1, and TLS 1.2. We recommend that you make sure TLS 1.1, and TLS 1.2 are enabled on your end users' web browsers, and for suppliers and services that integrate with Coupa via API or cXML, including punchouts.
Where can I get more information?
If you have any questions, feel free to reach out to the Customer Care team at email@example.com or 1-800-385-7830.