You need to have TLS 1.2 enforced and all the other TLS ciphers disabled on your app domain. If you have your application deployed on App Engine, we can help with that. However, you will need to open a case with us, whether you have a free or paid support package [1][2], informing us of the project ID and impacted domain(s) so that we can handle this privately.

[1] https://cloud.google.com/support-hub/
[2] https://cloud.google.com/support/docs/

On Tuesday, September 3, 2019 at 9:54:17 AM UTC-4, Rajesh Gupta wrote:
>
> Hello,
>
> Recently, we got a security review done by X company, and they pointed out
> the weak server side SSL/TLS.
> The following tool was used.
> sslyze.exe --tlsv1 --tlsv1_1 --tlsv1_2 --hide_rejected_ciphers
>
> Please see the output
>
> [image: image.png]
>
> The following was recommended
>
> The server-side TLS endpoint's configuration should be updated to allow
> only TLSv1.2 connections with cipher suites that use:
> • Ephemeral Diffie-Hellman for key exchange (optionally, allow RSA for key
> exchange if necessary for supporting some clients)
> • Block ciphers with key lengths of at least 128 bits (AES-128 and
> AES-256)
> • Block ciphers in GCM mode.
>
> What should be done from my end?
>
> - eng-team
> www.ServiceFolder.com
> *Field Service Software on Google Cloud Platform and Mobile*
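
The recommendation quoted above can be turned into a repeatable check for re-testing the domain after the support case is resolved. This is an added example, not part of the thread and not Google or sslyze code: it assumes the scan results have been reduced to (protocol, IANA cipher suite name) pairs, and the function names and the sample list are constructed for illustration.

```python
import re

# Policy taken from the recommendation quoted in the thread.
REQUIRED_PROTOCOL = "TLSv1.2"
EPHEMERAL_KX = ("ECDHE", "DHE")
# IANA suite names look like TLS_<key exchange>_WITH_<cipher>_<hash>.
SUITE_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<enc>.+)_(?P<mac>[A-Z0-9]+)$")


def violations(protocol, suite, allow_rsa_kx=False):
    """Return the reasons (protocol, suite) breaks the policy; empty if compliant."""
    reasons = []
    if protocol != REQUIRED_PROTOCOL:
        reasons.append(f"protocol {protocol} is not {REQUIRED_PROTOCOL}")
    m = SUITE_RE.match(suite)
    if not m:
        return reasons + [f"unrecognised suite name {suite!r}"]
    kx = m["kx"].split("_")[0]  # ECDHE_RSA -> ECDHE, DH_anon -> DH, RSA -> RSA
    if kx not in EPHEMERAL_KX and not (allow_rsa_kx and kx == "RSA"):
        reasons.append(f"key exchange {kx} is not ephemeral Diffie-Hellman")
    if not re.fullmatch(r"AES_(128|256)_GCM", m["enc"]):
        reasons.append(f"cipher {m['enc']} is not AES-128/AES-256 in GCM mode")
    return reasons


def audit(accepted, allow_rsa_kx=False):
    """Map each accepted (protocol, suite) pair that violates the policy to its reasons."""
    report = {}
    for protocol, suite in accepted:
        reasons = violations(protocol, suite, allow_rsa_kx)
        if reasons:
            report[(protocol, suite)] = reasons
    return report


# Constructed sample of suites a scanner might report as accepted (not real output).
SAMPLE = [
    ("TLSv1.0", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
    ("TLSv1.1", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"),
    ("TLSv1.2", "TLS_RSA_WITH_AES_128_GCM_SHA256"),
    ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"),
    ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
]

if __name__ == "__main__":
    for (proto, suite), reasons in audit(SAMPLE).items():
        print(f"{proto} {suite}: " + "; ".join(reasons))
```

Passing `allow_rsa_kx=True` applies the optional RSA key exchange allowance from the first bullet of the recommendation.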
