TLS v1.0/v1.1 End Of Life Schedule

What is happening

We are beginning the transition off TLS v1.0/v1.1 with a target End of Life Support date next year, July 31, 2021. Between now and then a number of important changes will be made to the Heroku Platform, including:

  1. Disabling by default, TLS v1.0/v1.1 on new Private Space apps, effective June 25, 2020
  2. Disabling by default, TLS v1.0/v1.1 on all new Heroku apps, effective August 2, 2021
  3. Deprecate the Heroku SSL Endpoint feature. Creating new SSL Endpoints is disabled effective May 14, 2021
  4. Blocking all TLS v1.0/v.1.1 on Common Runtime apps and enforcing TLS 1.2+ on July 31st (See Private Spaces routing for TLS options in Private Spaces)
  5. Complete migration of all SSL Endpoints to use built-in platform TLS features, target date October 2021
  6. Blocking all TLS v1.0/v.1.1 for Private Spaces apps and enforcing TLS 1.2+ on September 30th, 2022 (See Private Spaces routing for TLS options in Private Spaces)

After July 31st, 2021 clients can only connect to Heroku Common Runtime apps using TLS 1.2+. Clients that only support TLS 1.0 or 1.1 or that don’t support SNI won't be able to connect.

After September 30th, 2022 clients can only connect to Heroku Private Spaces apps using TLS 1.2+. Clients that only support TLS 1.0 or 1.1 or that don’t support SNI won't be able to connect.

End of Life Schedule and Dates to Remember

Target Date Status Feature/Offering Notes/Comments
6/25/2020 Complete All New Private Space Apps TLS v1.2+ default
6/25/2020 through 7/31/2021 Complete spaces-tls-salesforce cipher suite available Migrate from TLS v1.0/v1.1 to v1.2+
Spring 2021 Complete All New Heroku apps to use TLS v1.2+ cipher suite TLS v1.2+ default
Spring 2021 through 7/31/2021 Complete Customer reconfigurable Apps Migrate existing apps from TLS v1.0/v1.1 to v1.2+
Fall 2021 Planned Deprecate SSL Endpoints Built in Platform function. No longer necessary.
June through July 2021 Planned Automatic Migration of common runtime apps to spaces-tls-salesforce cipher suite Preparation for July 31 EoL
7/31/2021 Complete TLS v1.0/v1.1 End of Life
10/18/2021 Planned SSL Endpoints End of Life
09/30/2022 Planned TLS v1.0/v1.1 for Private Spaces End of Life

If you'd like to upgrade your apps in a Private Space to the most up-to-date security and infrastructure, we ask that you change the TLS cipher on your apps to enable the spaces-tls-salesforce cipher suite by executing the following commands:

$ heroku features:disable spaces-strict-tls --app your-app
$ heroku features:disable spaces-tls-legacy --app your-app
$ heroku features:disable spaces-tls-modern --app your-app
$ heroku features:enable spaces-tls-salesforce —app your-app

More details, as well as addition cipher suite options are described in the Routing in Private Spaces Dev Center Article.

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support