How do I disable SSL ciphers?

Issue

You want to disable SSL ciphers.

Resolution

Unfortunately we do not have the ability to disable specific ciphers. Our endpoints use the predefined AWS SSL Security Policies: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html

We do have more customization available for apps in Private Spaces. You can read the details here: https://devcenter.heroku.com/articles/routing-in-private-spaces#ssl-security

An alternative option would be to use Cloudflare or some similar service that can terminate your SSL (with more customization options) and proxy requests to the Heroku app.

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support