AFAIK, SSLv3 support has been disabled <https://security.googleblog.com/2015/09/disabling-sslv3-and-rc4.html> for GAE Standard and Flex. Google discovered <https://en.wikipedia.org/wiki/POODLE> this vulnerability and solutions had since been implemented. In fact, modern browsers now disables the support for SSLv3 (starting Chrome v40 <https://en.wikipedia.org/wiki/Google_Chrome_version_history>, SSLv3 support is disabled by default).
You can also test <http://disablessl3.com/#test> this manually if your server supports SSLv3. Example on any Unix machine: openssl s_client -connect <host>:<port> -ssl3 A host that has SSLv3 disabled will return an error with handshake failure in it. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/110c2ba5-c8ba-4239-a018-941bdf624a9f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
