New cipher suites for Private Space apps
Change effective on 19 June 2018
New TLS cipher suites are available for Private Space apps.
The new suites are:
-
spaces-tls-modern
: TLSv1.2 - default (no flag or setting): TLSv1.1, TLSv1.2
-
spaces-tls-legacy
: TLSv1, TLSv1.1 and TLSv1.2
TLS for Private Space apps is configured using the features command. Make sure you disable any other TLS-related flags and then enable the suite you want for the app:
heroku features:disable spaces-strict-tls --app your-app
heroku features:enable spaces-tls-modern --app your-app
The new spaces-tls-legacy
suite is the same as the previous default. The previous spaces-strict-tls
suite (TLS 1.1 and 1.2, with some accommodations for older clients) is deprecated.
Only new apps will have the new default suite. Apps created before June 19th have been given a spaces-tls-legacy
flag and will see no change in behavior.
Check out Dev Center for full docs. Dev Center also has details on the cipher-suites used with each setting.