Does Google App Engine support SSL 3?
47 views
Skip to first unread message
Joshua Fox
Jan 9, 2018, 6:22:17 AM1/9/18
to google-a...@googlegroups.com
Do GAE Standard and Flexible Environments support or disable SSL 3, which is vulnerable to the Poodle attack?
Kenworth (Google Cloud Platform)
Jan 9, 2018, 1:49:59 PM1/9/18
to Google App Engine
AFAIK, SSLv3 support has been disabled for GAE Standard and Flex. Google discovered this vulnerability and solutions had since been implemented. In fact, modern browsers now disables the support for SSLv3 (starting Chrome v40, SSLv3 support is disabled by default).
You can also test this manually if your server supports SSLv3. Example on any Unix machine:
A host that has SSLv3 disabled will return an error with handshake failure in it.
You can also test this manually if your server supports SSLv3. Example on any Unix machine:
openssl s_client -connect <host>:<port> -ssl3
A host that has SSLv3 disabled will return an error with handshake failure in it.
Reply all
Reply to author
Forward
0 new messages