Alex BalhatchetAug 31, 2023
Mike Perham 

If you’re a Sidekiq and Heroku user, please speak up in this issue. Heroku needs to fix this security issue, we can’t allow insecure systems to linger for years without a fix.

https://github.com/heroku/roadmap/issues/148

Use a trusted CA for Redis certificate · Issue #148 · heroku/roadmap

Required Terms I agree to follow this project's Code of Conduct I have read and accept the Salesforce Program Agreement What service(s) is this request for? Redis Tell us about what you're trying t...

GitHub
Aug 30, 2023 at 9:18pmWeb
Show threadWill ClarkAug 30, 2023
@getajobmike Does anyone even still work at Heroku?
Show threadMike Perham Aug 30, 2023
@robotdeathsquad ¯\_(ツ)_/¯
Show threadAdam LassekAug 30, 2023

@getajobmike I’m running Sidekiq on Google Memorystore with their self-signed certs, and I didn’t need to disable TLS to do it.

ssl_params needs better documentation, but it fully supports this use-case

Show threadAdam LassekAug 30, 2023

@getajobmike The fact that their official documentation tells you to disable TLS is the real problem. That is bad advice.

I can pull the cert chain easy enough but they should have an official api for this.

Show threadPaul Sadauskas ✊ ResistAug 30, 2023
@getajobmike that would require Heroku to spend engineering effort on something, which isn’t a thing that really happens any more…
Show threadscottAug 31, 2023
@getajobmike given they can just add their own certs as trusted root certs on all the dynos (idk why they couldn't) they wouldn't even need to pay to sign them.