New cipher suites for Private Space apps

Change effective on 19 June 2018

New TLS cipher suites are available for Private Space apps.

The new suites are:

  • spaces-tls-modern: TLSv1.2
  • default (no flag or setting): TLSv1.1, TLSv1.2
  • spaces-tls-legacy: TLSv1, TLSv1.1 and TLSv1.2

TLS for Private Space apps is configured using the features command. Make sure you disable any other TLS-related flags and then enable the suite you want for the app:

heroku features:disable spaces-strict-tls --app your-app
heroku features:enable spaces-tls-modern --app your-app

The new spaces-tls-legacy suite is the same as the previous default. The previous spaces-strict-tls suite (TLS 1.1 and 1.2, with some accommodations for older clients) is deprecated.

Only new apps will have the new default suite. Apps created before June 19th have been given a spaces-tls-legacy flag and will see no change in behavior.

Check out Dev Center for full docs. Dev Center also has details on the cipher-suites used with each setting.