The announcement earlier this month of the “Heartbleed” bug (CVE-2014-0160) in OpenSSL once again focused attention on the technology used to secure communications on the Internet. Heartbleed was a very serious vulnerability and we moved as quickly as possible to patch systems and eliminate this threat on behalf of our customers.
But security is not just about fire drills, there are many steps that can be taken over time to continually improve security. Over the last months we have rolled out several security improvements to Heroku SSL Endpoints, including:
- Perfect Forward Secrecy
- TLS 1.1, 1.2 support
- Updated ciphers
These enhancements have already been rolled out and are in effect for...