Closed Bug 1316712 Opened 8 years ago Closed 8 years ago

Switch from the Heroku SSL endpoint addon to their new native SNI SSL support

Categories

(Tree Management :: Treeherder: Infrastructure, defect, P3)

Product:
Tree Management
Component:
Treeherder: Infrastructure
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: emorley, Assigned: emorley)

References

Details

Heroku's native SNI-based SSL has been out for a bit now: https://blog.heroku.com/ssl-is-now-included-on-all-paid-dynos We should consider switching to it from the SSL endpoint addon. Pros: * Doesn't require the $20/month addon * Copes with spikes in load without needing to pre-warm * Heroku have said it's recommended over the old SSL endpoint addon, and that new features will only be available on the SNI based solution * the SNI based solution wasn't affected during the Dyn DDOS, unlike the SSL addon Cons: * Requires SNI, so can't be used by people on Windows XP who only have Internet Explorer installed (https://en.wikipedia.org/wiki/Server_Name_Indication#Support) Switching process: https://devcenter.heroku.com/articles/ssl#migrate-from-ssl-endpoint-to-heroku-ssl
The only people who won't have SNI support are those on: * Windows XP using Internet Explorer (whom are stuck on IE8 anyway, which we don't want to support regardless), though they can just use Firefox or Chrome instead * Those on Android 2.3 using the stock browser (though they can use Firefox for Android/Chrome instead) (from http://caniuse.com/#feat=sni) So we don't need to worry about lack of support.
Depends on: 1320303
Depends on: 1328435
Blocks: 1331583
Both apps switched over in the dep bugs, and I've removed the legacy SSL endpoint addon from both :-)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Blocks: 1363814
You need to log in before you can comment on or make changes to this bug.