All posts tagged with ssl


This article was originally authored by Srinath Ananthakrishnan, an engineer on the Heroku Runtime Networking Team

Summary

This following story outlines a recent issue we saw with migrating one of our internal systems over to a new EC2 substrate and in the process breaking one of our customer’s use cases. We also outline how we went about discovering the root of the issue, how we fixed it, and how we enjoyed solving a complex problem that helped keep the Heroku customer experience as simple and straightforward as possible!

History

Heroku has been leveraging AWS and EC2 since the very early days. All these years, the Common Runtime has been running on EC2 Classic and while there have...

Since April 2021, the Heroku Runtime team has been working to deploy upgrades to the infrastructure powering Common Runtime apps, and we’re excited to formally announce the performance improvements that customers are already seeing.

When this Changelog post was published in May introducing the changes, almost all Common Runtime apps had been migrated from what we internally called the “classic“ infrastructure to the new “sharded” architecture. In addition to performance enhancements, this migration is expected to result in lower latency across the platform.

Around 99.9% of customers didn’t have to make any changes to their Heroku apps to benefit from these upgrades, and dyno prices are...

We are happy to announce the general availability of Automated Certificate Management (ACM) for all paid Heroku dynos. With ACM, the cumbersome and costly process of provisioning and managing SSL certificates is replaced with a simple experience that is free for all paid Dynos on Heroku’s Common Runtime. Creating secure web applications has never been more important, and with ACM and the Let’s Encrypt project, never easier.

ACM handles all aspects of SSL/TLS certificates for custom domains; you no longer have to purchase certificates, or worry about their expiration or renewal. ACM builds directly on our recent release of Heroku Free SSL to make encryption the default for web applications...

During the development of the recently released Heroku SSL feature, a lot of work was carried out to stabilize the system and improve its speed. In this post, I will explain how we managed to improve the speed of our TLS handshakes by 4-5x.

The initial reports of speed issues were sent our way by beta customers who were unhappy about the low level of performance. This was understandable since, after all, we were not greenfielding a solution for which nothing existed, but actively trying to provide an alternative to the SSL Endpoint add-on, which is provided by a dedicated team working on elastic load balancers at AWS. At the same time, another of the worries we had was to figure out how...

Encrypted communication is now the norm for applications on the Internet. At Heroku, part of our mission is to spread encryption by making it easy for developers to setup and use SSL on every application. Today we take a big step forward in that mission by making Heroku SSL generally available, allowing you to easily add SSL encryption to your applications with nothing more than a valid SSL certificate and custom domain.

Heroku SSL is free for custom domains on Hobby dynos and above and relies on the SNI (“Server Name Indication”) extension which is now supported by the vast majority of browsers and client libraries. The current SSL endpoint will remain available for the increasingly rare...

Browse the blog archives or subscribe to the full-text feed.