Why am I seeing "unsupported protocol" errors from my apps using SSL?


When sending requests to your application you're seeing errors like:


Unsupported protocol

The client and server don't support a common SSL protocol version or cipher suite.


This issue often happens when your SSL certificate uses elliptic curve algorithms, either in the signature algorithm used to sign the certificate or in the algorithm used to generate the key. A certificate can be signed with an elliptic curve signature algorithm even though its key was not generated with an elliptic curve algorithm. If either is the case (or both), the certificate will not work on the Heroku platform.

You can check your certificate by running:

openssl x509 -noout -text -in ~/path/to/your/certificate.crt

A line like this indicates that your certificate was signed using an elliptic curve signature algorithm (the ec in ecdsa stands for 'elliptic curve'):

Signature Algorithm: ecdsa-with-SHA256

You can also look for a line mentioning ASN1 OID, which indicates that the key was generated using an elliptic curve (the value is the named curve that was used).
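
The two checks above can be scripted. The following is an added example, not code from Heroku; the function names and the sample excerpts are constructed for illustration. It reads the text output of the openssl command and reports separately whether the signature and the key use elliptic curves.

```shell
#!/bin/sh
# Added example. Reads `openssl x509 -noout -text` output on stdin, prints
# "signature_ec=<yes|no> key_ec=<yes|no>", and returns 0 only when neither
# the signature nor the key uses elliptic curves.
ec_usage_from_text() {
    text=$(cat)
    sig_ec=no
    key_ec=no
    # Signature check, e.g. "Signature Algorithm: ecdsa-with-SHA256"
    if printf '%s\n' "$text" | grep -Eiq 'Signature Algorithm:[[:space:]]*ecdsa'; then
        sig_ec=yes
    fi
    # Key check: an EC public key is printed with "ASN1 OID: <named curve>"
    if printf '%s\n' "$text" | grep -q 'ASN1 OID:'; then
        key_ec=yes
    fi
    echo "signature_ec=$sig_ec key_ec=$key_ec"
    [ "$sig_ec" = no ] && [ "$key_ec" = no ]
}

# Hypothetical wrapper: runs the command from this page on a certificate file.
check_cert() {
    openssl x509 -noout -text -in "$1" | ec_usage_from_text
}

# Constructed, abbreviated excerpts of openssl text output (not real certificates).
SAMPLE_RSA='    Signature Algorithm: sha256WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)'

# The mixed case described above: EC signature on a certificate with an RSA key.
SAMPLE_EC_SIG_RSA_KEY='    Signature Algorithm: ecdsa-with-SHA256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)'

SAMPLE_EC_BOTH='    Signature Algorithm: ecdsa-with-SHA384
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                ASN1 OID: prime256v1'
```

Running check_cert against your certificate file returns a non-zero status when either check matches, so it can gate a deployment script before the certificate is uploaded.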

If you see that your SSL certificate is using elliptic curves, contact the certificate issuer you used to see if they can issue you another certificate that uses non-elliptic-curve algorithms for both the signature and the key.