I'm happy to announce that the CAPI and Diego teams have completed work for CF v269 that enables all communication between the two systems to use mTLS. This announcement is the beginning of a migration period for operators to deploy with secure communications. In CF v274 we will begin enforcing secure communication by default. Deployments that do not follow the migration strategy within that time frame, will note some disruptions to pushing apps during deployment, but no affects to application uptime. Please read the attached doc for information on the changes to the CF system as well as instructions for performing deployments that will not affect application push availability.

https://docs.google.com/document/d/1pdxC1DqROqk72BDw--6b5v2r0K7Jpp9l-FbO6tlkQDs/edit?usp=sharing

Please feel free to add comments to the provided doc so we can all benefit from any additional clarity regarding these changes.

Thanks!
Zach Robinson