How do I disable support for TLS 1.0 or 1.1 on a Heroku App?

Heroku offers several different ways to terminate TLS/SSL. Whether you can disable TLS 1.0 and/or 1.1 depends on which TLS termination method is configured for your app.

Common Runtime

TLS v1.0 and TLS v1.1 are no longer supported on the Heroku Common Runtime

Automated Certificate Management / Free Heroku SSL (SNI)

For applications using Automated Certificate Management or the free Heroku SSL (SNI) TLS 1.0 & TLS 1.1 cannot currently be configured but will have changes in the coming weeks, please see: TLS v1.0/v1.1 End Of Life Schedule

Private Spaces

The default suite supports TLSv1.1 and TLSv1.2 (but not TLSv1.0). It provides good security and is compatible with a large range of browsers and clients.

For more details and instructions on changing the cipher suites view the Private Spaces documentation.

New private space apps default to having spaces-tls-salesforce enabled, which requires TLS 1.2+.

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support