we need to disable weak ciphers on our GAE standard Java 8 for PCI compliance

[Robert Dyas]

We are using a custom domain... PCI security check flagged this issue. We need to disable TLS1.0, DES, 3DES, SSLv3, SSLv3.

How do we do this?

[Robert Dyas]

bump - any idea here?

[Nicolas (Google Cloud Platform Support)]

Hi Robert,

 

Currently it is not possible to disable this cipher suite for a custom domain however a feature request have already been open for the implementation of this.

 

That being said, it is possible to file a ticket  with GCP support and ask them to do this for your domain.


Please keep in mind there are no ETAs or timeline for a resolution or the implementation of the feature request.

[Joshua Smith]

Maybe if you front your site with CloudFlare, they can do something like that?

-- 
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/d2202e0a-e922-401b-91fb-4badf32dffb7%40googlegroups.com.