Reputation: 563
Disable weak cipher for Google Cloud App engine custom domain website
I have set up a custom domain website using a PHP Google Cloud App engine. After some third party security testing i've been advised to disable the use of cipher suite DES-CBC3-SHA (TLS_RSA_WITH_3DES_EDE_CBC_SHA).
I'm trying to find out if its possible to disable this for a Google PHP App engine? Most of what I can find online either doesn't answer this particular question or is somewhat out of date.
I found this post useful, Can Google App Engine Java support TLS>1.0 . This suggests it's not possible, however it doesn't actually answer the question, it just concludes that if its good enough for google it should be fine.
Upvotes: 2
Views: 1881
Answers (1)
Reputation: 3329
Currently it is not possible to disable this cipher suite for a custom domain on the user end. However, it is possible to file a ticket to the GCP support and ask them to do this for your domain.
Upvotes: 4
Related Questions
- Disable Weak Cipher suites for Google Cloud Run custom domain?
- App-engine custom domain not defaulting to HTTPS
- how to disable weak ciphers in Google App Engine Java?
- SSL Error using custom domain with Google App Engine
- How do I enable SSL for custom domains on appengine?
- Adding SSL support for AppEngine custom domain
- SSL with Google App Engine custom domain
- Add HTTPS to a custom domain on Google App Engine (and keep HTTP working)
- https for custom domain on GAE
- How do I activate SSL on a custom domain in Google AppEngine?