What is happening
We are beginning the transition off TLS v1.0/v1.1 with a target End of Life Support date next year, July 31, 2021 for the Common Runtime, and early 2023 for Private Spaces. Between now and then a number of important changes will be made to the Heroku Platform, including:
- [COMPLETE] Disabling by default, TLS v1.0/v1.1 on new Private Space apps, effective June 25, 2020
- [COMPLETE] Disabling by default, TLS v1.0/v1.1 on all new Heroku apps, effective August 2, 2021
- [COMPLETE] Deprecate the Heroku SSL Endpoint feature. Creating new SSL Endpoints is disabled effective May 14, 2021
- [COMPLETE] Blocking all TLS v1.0/v.1.1 on Common Runtime apps and enforcing TLS 1.2+ on July 31, 2021 (See Private Spaces routing for TLS options in Private Spaces)
- [COMPLETE] Complete migration of all SSL Endpoints to use built-in platform TLS features, target date October 2021 - completed October 18th, 2021
- [PLANNED] Blocking all TLS v1.0/v.1.1 for Private Spaces apps and enforcing TLS 1.2+ April 28, 2023 (See Private Spaces routing for TLS options in Private Spaces)
After July 31st, 2021 clients can only connect to Heroku Common Runtime apps using TLS 1.2+. Clients that only support TLS 1.0 or 1.1 or that don't support SNI won't be able to connect.
After April 28, 2023 clients can only connect to Heroku Private Spaces apps using TLS 1.2+. Clients that only support TLS 1.0 or 1.1 or that don't support SNI won't be able to connect.
End of Life Schedule and Dates to Remember
|6/25/2020||Complete||All New Private Space Apps||TLS v1.2+ default|
|6/25/2020 through 7/31/2021||Complete||spaces-tls-salesforce cipher suite available||Migrate from TLS v1.0/v1.1 to v1.2+|
|Spring 2021||Complete||All New Heroku apps to use TLS v1.2+ cipher suite||TLS v1.2+ default|
|Spring 2021 through 7/31/2021||Complete||Customer reconfigurable Apps||Migrate existing apps from TLS v1.0/v1.1 to v1.2+|
|October 18, 2021||Complete||Deprecate SSL Endpoints||Built in Platform function. No longer necessary.|
|June through July 2021||Complete||Automatic Migration of common runtime apps to spaces-tls-salesforce cipher suite||Preparation for July 31 EoL|
|7/31/2021||Complete||TLS v1.0/v1.1||End of Life|
|10/18/2021||Complete||SSL Endpoints||End of Life|
|04/28/2023||Planned||TLS v1.0/v1.1 for Private Spaces||End of Life|
If you'd like to upgrade your apps in a Private Space to the most up-to-date security and infrastructure, we ask that you change the TLS cipher on your apps to enable the
spaces-tls-salesforce cipher suite by executing the following commands:
$ heroku features:disable spaces-strict-tls --app your-app $ heroku features:disable spaces-tls-legacy --app your-app $ heroku features:disable spaces-tls-modern --app your-app $ heroku features:enable spaces-tls-salesforce --app your-app
More details, as well as addition cipher suite options are described in the Routing in Private Spaces Dev Center Article.