SHA-1 SSL Signatures in Your SSL Certificates

The SHA-1 cryptographic hash algorithm is twenty years old, and the feasibility of collision attacks against it is improving. To combat that threat, Google Chrome will start marking connections as insecure if the website uses a SHA-1 signed SSL certificate.

Starting in version 42 of Chrome, websites using a SHA-1 signed SSL certificate will get a red X across the lock, and users will be notified their connection might not be private. Mozilla plans to make similar changes to Firefox.

Currently, Google Chrome stable is version 41, Chrome Beta is version 42, and Canary builds are version 44. As each stable release of chrome is pushed on six week intervals, the stable version of Chrome is going to be updated to version 42 in the next few weeks.

At this time, only SHA-1 certificates with a validation date expiring after 2015 will be marked as insecure. To stay ahead of the curve, Engine Yard is going to be reaching out to all customers affected by this change.

If you’re doing this on your own, the easiest way to fix this issue is by updating the older certificates to use SHA-2. If interested, you can use a third party to scan your existing certificate for any other shortcomings. Qualys does a pretty good job, as does DigiCert and Symantec.

If you have questions about the security procedures or controls in place at Engine Yard, please do not hesitate to contact us.

You can reach us via our ticketing system or in #engineyard on Freenode.

Frankfurt AWS Region Now Available on Engine Yard

We are happy to announce the Frankfurt AWS region is now available for all Engine Yard customers. This region currently supports all C3, M3, R3, and T2 instances.

You can now tailor your application delivery to your European clients by complementing the Ireland facility with Frankfurt. On top of all of the latency benefits you gain by having a data center closer to your customers, you can also keep all of your data within Germany and comply with the EU Data Protection Directive, also known as Directive 95/46/EC. AWS provides a detailed explanation of how compliance works in this region.

As always, Engine Yard is committed to conducting business in a manner that complies with the US–EU Safe Harbor Framework and the US–Swiss Safe Harbor Framework. More details can be found in our EU Safe Harbor Policy.

If you are interested in utilizing this setup or want additional information, please contact our Customer Success team.

Sign up for a free trial with Engine Yard today to try out this new region.

Learn about Engine Yard
Try Engine Yard for your Ruby or PHP Apps

What to Expect When You're Expecting: PHP 7, Part 2

This is part two in our Expecting PHP 7 miniseries. Read part one.

As you probably already know, PHP 7 is a thing, and it’s coming this year! Which makes this as good a time as any to go over what’s new and improved.

In the first part of this series, we looked at the some of the most important inconsistency fixes coming up in PHP 7 as well as two of the biggest new features. In this post, we take a look another six big features to land in PHP 7 that you’ll want to know about.

Unicode Codepoint Escape Syntax

The addition of a new escape character, \u, allows us to specify Unicode character code points (in hexidecimal) unambiguously inside PHP strings:

The syntax used is \u{CODEPOINT}, for example the green heart, 💚, can be expressed as the PHP string: "\u{1F49A}".

Read More

Cloud in My Coffee - Episode 2 with Davey Shafik

As promised, it's time for your monthly dose of “Cloud in My Coffee”, the monthly video series from the Engine Yard Community Team. This video series features interviews with many of the people that make Engine Yard what it is every day. From the “C” level executives to those working the tickets on our Support Team, you’ll have the opportunity to get to know the Yardees around the world, all from the comfort of your seat, cup of coffee close at hand.

Read More

What to Expect When You're Expecting: PHP 7, Part 1

This is part one in our Expecting PHP 7 miniseries. Read part two.

As many of you are probably aware, the RFC I mentioned in my PHP 5.0.0 timeline passed with PHP 7 being the agreed upon name for the next major version of PHP.

Regardless of your feelings on this topic, PHP 7 is a thing, and it’s coming this year! With the RFC for the PHP 7.0 Timeline passing almost unanimously (32 to 2), we have now entered into feature freeze, and we’ll see the first release candidate (RC) appearing in mid June.

But what does this mean for you? We have seen a huge reluctance of web hosts to move towards newer versions of 5.x. Won’t a major version bring huge backwards compatibility breaks and make that move even slower?

The answer to that is: it depends. So keep reading.

A number of language edge cases have been cleaned up. Additionally, both performance and inconsistency fixes have been major focuses for this release.

Let’s get into the details.

Read More


Look through our specially curated posts to get focused, in-depth information on a single topic.