Google introduced the usage of GCLB to self-manage SSL certificate and SSL policies which include TLS version and ciphers, on serverless platforms.
Using Google Cloud Load Balancer (GCLB) with Serverless NEGs, you can define a SSL security policy to restrict the TLS versions and cipher suites used. This can be implemented by following documents [1] [2] [3] and [4] . [1] https://cloud.google.com/load-balancing/docs/https/setting-up-https-serverless [2] https://cloud.google.com/load-balancing/docs/negs/serverless-neg-concepts [3] https://cloud.google.com/load-balancing/docs/ssl-policies-concepts#defining_an_ssl_policy [4] https://cloud.google.com/load-balancing/docs/use-ssl-policies On Sunday, June 27, 2021 at 9:17:02 AM UTC-4 [email protected] wrote: > Hello everyone, how are you? > > I wonder if it's possible disable or to ask to disable TLS 1.0, DES, 3DES > and CBE. > I'm using App Engine and I found some vulnerabilities like SWEET32 and > LUCKY13. > > Thank you, guys. > Greetings > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/3b994312-3e05-4f6e-a552-a75b71f8df67n%40googlegroups.com.
