Skip to main content
undefined
undefined

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

undefined

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

TLS 1.0 and 1.1 support removal, Drupal 8 made easy, and platform updates

March 14, 2018

Upcoming breaking change

  • We will remove support for TLS 1.0 and 1.1 connections to all applications on cloud.gov on March 30, so that all connections must use TLS 1.2. TLS 1.0 and 1.1 are outdated versions of the encryption protocol for HTTPS connections, and federal standards require federal systems to stop using them (see FedRAMP TLS Requirements). After this change, your applications will be inaccessible for anyone using a client device that requires TLS 1.1 or lower. We estimate this change will block less than 1 percent of traffic that reaches applications hosted on cloud.gov today. It’s probably required for your applications by your own agency as well, but if you have any concerns or questions, please contact us.

Announcements

  • Join us at the Cloud Foundry Summit on April 18-20 in Boston. Members of the cloud.gov team will present at this gathering of people who use and run platforms—like cloud.gov—that are based on the Cloud Foundry open source project. It includes government-focused sessions and training opportunities that may be useful to you and your team.

  • We invite research volunteers to help us improve cloud.gov. To participate, click on the embedded sign-up form at the bottom of the home page.

Added

  • We’ve made a demo showing how easy it is to deploy Drupal 8 to cloud.gov.

  • We’ve provided a guide explaining how to generate audit logs for events such as role changes, service bindings, and 75+ other events.

Fixed

  • We’ve updated the Overview for assessors page to clarify that logs are encrypted during transit and at rest.

Buildpack updates