Hello, The only way to make changes to the TLS version and cipher suites of your App Engine domain is to create a ticket in your Google Cloud Console Home -> Main Menu -> Support tab. What my colleague was expressing was that If you do not have access to the appropriate support package, you may use GCLB to set the appropriate TLS and cipher configuarations and route traffic to your app appropriately. Effectively bypassing the need for support and giving you full control over your TLS and cipher configuration.
On Tuesday, May 18, 2021 at 11:14:47 AM UTC-4 Tobias Binna wrote: > Thank you for all the details, Katayoon! > > We are not using GCLB and would like to contact support to make changes to > the TLS version and cipher suites. However, we are on the basic/free > support role which does not allow me to open a case for this. > > So my question is if there is any other way we can contact support or get > help with this? Or would we have to subscribe to the smallest $100 package > just for this single request? > > Thanks, > Tobias > > On Tuesday, May 18, 2021 at 7:35:22 AM UTC+8 Katayoon (Cloud Platform > Support) wrote: > >> Hi Tobias, >> >> As explained in this public documentation >> <https://cloud.google.com/appengine/docs/standard/python3/securing-custom-domains-with-ssl#disabling_tls_versions_and_ciphers>, >> >> the recommended solution for managing TLS versions and cipher suites is >> using Google Cloud Load Balancer >> <https://cloud.google.com/blog/products/networking/better-load-balancing-for-app-engine-cloud-run-and-functions> >> (GCLB) >> with Serverless NEGs >> <https://cloud.google.com/load-balancing/docs/negs/serverless-neg-concepts> >> , >> so that you can define a SSL security policy to restrict the TLS versions >> and cipher suites used. You may also take a look at the GCLB documentation >> describing TLS version and cipher support >> <https://cloud.google.com/load-balancing/docs/ssl-policies-concepts#defining_an_ssl_policy> >> >> and directions for configuring SSL policies >> <https://cloud.google.com/load-balancing/docs/use-ssl-policies>. >> >> If you choose not to utilize GCLB and use your GAE domains types, Cloud >> Support is able to make changes to the TLS versions and cipher suites. >> However, you need to send your request via your support package >> <https://cloud.google.com/support>. >> >> >> On Monday, May 17, 2021 at 9:16:56 AM UTC-4 Tobias Binna wrote: >> >>> We have an app running on App Engine Standard and have a requirement to >>> disable TLS 1.0 and 1.1. >>> >>> I read in several places [1 >>> <https://groups.google.com/g/google-appengine/c/N2vEpRA9iUM/m/8xQHZ0FqBAAJ> >>> ][2 >>> <https://medium.com/google-cloud/secure-google-cloud-platform-connections-and-tls-1-0-d1ad16851dfb> >>> ][3 <https://stackoverflow.com/a/57830252/5115898>] that we can contact >>> support to help with this however, it seems we are currently on the basic >>> plan which does not allow me to open any support cases for technical issues. >>> >>> Is there any way we can get help with this without subscribing for a >>> $100/user/month support plan? >>> >>> Thanks in advance! >>> >> -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/8cefedb6-f9dd-4ea0-bccd-f81bab473a2bn%40googlegroups.com.
