Looks like this is in progress.
SSL policies give you the ability to control the features of SSL that your HTTPS load balancer negotiates with HTTPS clients.
By default, HTTPS load balancing uses a set of SSL features that provides good security and wide compatibility. Some applications require more control over which SSL versions and ciphers are used for their HTTPS or SSL connections. You can define SSL policies that control the features of SSL that your load balancer negotiates and associate an SSL policy with your target HTTPS proxy.
The link to the feature goes to a 404 (https://cloud.google.com/compute/docs/load-balancing/http/compute/docs/load-balancing/ssl-policies), but hey it's a start.
A year later, and another failing renewal scan because of TLS 1.0 and 3DES being supported with no way to disable them.
Now only 6 months remaining before TLS 1.0 _must_ be disabled as per the PCI spec (aka 2/3 of the time available to get this done since opening the request has now passed!). At this rate will have to consider migration in case GCP doesn't get it done in time. Can't wait around until the last minute the find ourselves knowingly non compliant.
From https://groups.google.com/forum/#!topic/gce-discussion/Df8f6OPE4X8 "There are no future plans that can be provided on this matter". What?
Does Google not consider PCI compliance a priority? Amazon addressed this over 6 years ago.
https://forums.aws.amazon.com/thread.jspa?messageID=213393Mike shared this idea ·