Attila-Mihaly Balazs also touched on this. But if it is the case that it is not possible to disable this for our custom domain could the Google engineers looking into this please provide the reasoning for this cipher still being used?
I need something to feedback to the third party security testers so that they will eventually give us their stamp of approval. It would help others if this was posted here, but i would also probably need this sent to my email address so that i can forward it on to the testers as some kind of proof they can document. Just something reasonable explaining or defending the decision. Explaining how they consider it to be secure. How this will only apply to old clients, as my understanding is that modern browsers cannot be downgraded to support older protocols. That these setting are used across other Google services and that Google will automatically handle depreciating these settings once they consider them to no longer be secure. Also anything else they think would be relevant to add to the explanation, thanks. On Tuesday, 20 March 2018 15:13:49 UTC, Fady (Google Cloud Platform) wrote: > > Hello Nikolaus, > > For the time being , you do not have the option to disable 3DES yourself. > However, I created a private issue tracker (sent privately) to investigate > the possibility if the backline team can disable it for your custom domain. > > Meanwhile, if your goal is to create a Payment Card Industry Data Security > Standard (PCI DSS) compliant environment, you may check this document > <https://cloud.google.com/solutions/pci-dss> for best practices. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/7656e0c3-e110-4994-ba43-ba7603b16970%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
