Starting August 18, 2025, Pantheon will begin rolling out PHP Runtime Generation 2 to all sites on the platform. The new PHP Runtime enforces the use of TLS 1.2 or 1.3 for external connections. This change is part of our ongoing efforts to enhance security and comply with modern best practices.
What is TLS?
Transport Layer Security (TLS) is the cryptographic protocol that secures connections between systems — for example, when your website connects to a third-party API. TLS 1.0 and 1.1 were introduced in 1999 and 2006, respectively, and are now considered deprecated due to known vulnerabilities and lack of support for modern encryption standards.
TLS 1.2 was released in 2008 and remains the industry standard, with widespread adoption across browsers and APIs. TLS 1.3, released in 2018, offers additional performance and security benefits.
Action Required
Sites using external services that still rely on TLS 1.0 or 1.1 will experience failed connections once PHP Runtime Generation 2 is enabled. We strongly recommend auditing your site’s outgoing connections to ensure compatibility with TLS 1.2 or higher.
Follow our guide for testing TLS compatibility to check whether your site is making external requests using outdated TLS versions. Our DevRel team has created a WordPress plugin and Drupal module that can help expedite your testing.
Need More Time?
If you discover that your site relies on services that do not yet support TLS 1.2 or higher and need more time to upgrade, you can opt out of Generation 2 temporarily while you update those dependencies. Opting out will be available until early 2026.