[google-appengine] Re: GCE Managed SSL: param for ECDSA certificates?

2019-01-22 Thread 'Devin Taylor' via Google App Engine 
Hey Mark,

I don't believe a link was provided for the Feature Request to support SSL 
via ECDSA. 

We currently already had one open and you can star it here 
. It has been open since 
2016, however, I made sure to update the engineers internally that the 
community still has interest in the request.

Be sure to follow the tracker for any updates :) 


On Friday, January 11, 2019 at 10:20:15 PM UTC-5, Nicolas (Google Cloud 
Platform Support) wrote:
>
> Hi Mark,
>
> Thanks for your last message. 
>
> I will be adding the information provided to the Feature Request that 
> we’ve already filed, they will be useful!
>
> I will be closing this private issue  as I understand that no changes are 
> required to your specific project but more of a possible general 
> improvement of the product. You can follow the progress of the possible 
> implementation of this feature here 
> .
>
> Please note that there are no ETAs or guarantees of implementation for 
> feature requests.
>
> Thank you for your understanding.
>
>
> On Thursday, January 10, 2019 at 5:23:17 PM UTC-5, Mark Kubacki wrote:
>>
>> Hi Nicolas,
>>
>> Thanks for relying this as request for enhancement to the engineering 
>> team!
>>
>> Just so we get the wording right—I am neither asking for customized TLS 
>> settings/versions, nor non-standard cipher suites. It's about the 
>> certificate, which I'd like to be an "ECDSA one". That is, the 
>> public-private key pair won't be RSA with 2048 bit but instead for ECDSA 
>> with curve P-256.
>>
>> Your stack will adjust the available cipher suites accordingly, 
>> automatically, being presented that kind of certificate.
>>
>> You've opened a bug for my domain, thanks. I've followed up there. Again, 
>> this email is just a clarification.
>>
>> -- 
>> Cheers!
>> Mark Kubacki
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/2ef2aaf8-df74-4cab-a452-3ffb5c0eed2a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-appengine] Re: GCE Managed SSL: param for ECDSA certificates?

2019-01-11 Thread 'Nicolas (Google Cloud Platform Support)' via Google App Engine 


Hi Mark,

Thanks for your last message. 

I will be adding the information provided to the Feature Request that we’ve 
already filed, they will be useful!

I will be closing this private issue  as I understand that no changes are 
required to your specific project but more of a possible general 
improvement of the product. You can follow the progress of the possible 
implementation of this feature here 
.

Please note that there are no ETAs or guarantees of implementation for 
feature requests.

Thank you for your understanding.


On Thursday, January 10, 2019 at 5:23:17 PM UTC-5, Mark Kubacki wrote:
>
> Hi Nicolas,
>
> Thanks for relying this as request for enhancement to the engineering team!
>
> Just so we get the wording right—I am neither asking for customized TLS 
> settings/versions, nor non-standard cipher suites. It's about the 
> certificate, which I'd like to be an "ECDSA one". That is, the 
> public-private key pair won't be RSA with 2048 bit but instead for ECDSA 
> with curve P-256.
>
> Your stack will adjust the available cipher suites accordingly, 
> automatically, being presented that kind of certificate.
>
> You've opened a bug for my domain, thanks. I've followed up there. Again, 
> this email is just a clarification.
>
> -- 
> Cheers!
> Mark Kubacki
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/303909dc-676d-4e97-975e-fc28877438ec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-appengine] Re: GCE Managed SSL: param for ECDSA certificates?

2019-01-10 Thread Mark Kubacki 
Hi Nicolas,

Thanks for relying this as request for enhancement to the engineering team!

Just so we get the wording right—I am neither asking for customized TLS 
settings/versions, nor non-standard cipher suites. It's about the 
certificate, which I'd like to be an "ECDSA one". That is, the 
public-private key pair won't be RSA with 2048 bit but instead for ECDSA 
with curve P-256.

Your stack will adjust the available cipher suites accordingly, 
automatically, being presented that kind of certificate.

You've opened a bug for my domain, thanks. I've followed up there. Again, 
this email is just a clarification.

-- 
Cheers!
Mark Kubacki

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/e19aa2d0-4f9e-4bd1-b541-d1887268177e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[google-appengine] Re: GCE Managed SSL: param for ECDSA certificates?

2019-01-07 Thread 'Nicolas (Google Cloud Platform Support)' via Google App Engine 
Hi Mark, 

Currently it is not possible to manually customize the TLS versions on App 
engine.

However a feature request has been forwarded to the App Engine engineering 
team so that they may evaluate it. You can track the feature request here 
. Note that there are no 
ETAs or guarantees of implementation for feature requests.

Also I have created a private issue on Issue Tracker so you can provide us 
the customs domains and the TLS specifications that you want. This will 
allow me to file a request so it can be done manually by our team. You can 
find this issue here .

On Sunday, December 23, 2018 at 10:14:59 PM UTC-5, Mark Kubacki wrote:
>
> Hello:
>
> I am using Google App Engine with a custom domain, which works so far.
>
> Switching *SSL security* to *Google-managed* employs a RSA 2048 
> certificate for signing.
>
> Yet I'd like to use ECDSA P-256 (and ECDHE-ECDSA suites) – is there any 
> flag or command line option for this setting? (One exists but for DNSSEC.)
>
> -- 
> Thanks!
> Mark Kubacki
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/f96e783f-1174-4843-a9c5-917b380f37ba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.