Mike

My feedback

  1. 62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Load Balancing  ·  Flag idea as inappropriate…  ·  Admin →
    Mike commented  · 

    Looks like this is in progress.

    https://cloud.google.com/compute/docs/load-balancing/http/#ssl_certificates

    -----------------------------
    SSL policies give you the ability to control the features of SSL that your HTTPS load balancer negotiates with HTTPS clients.

    By default, HTTPS load balancing uses a set of SSL features that provides good security and wide compatibility. Some applications require more control over which SSL versions and ciphers are used for their HTTPS or SSL connections. You can define SSL policies that control the features of SSL that your load balancer negotiates and associate an SSL policy with your target HTTPS proxy.

    -----------------------------

    The link to the feature goes to a 404 (https://cloud.google.com/compute/docs/load-balancing/http/compute/docs/load-balancing/ssl-policies), but hey it's a start.

    Mike commented  · 

    A year later, and another failing renewal scan because of TLS 1.0 and 3DES being supported with no way to disable them.
    Now only 6 months remaining before TLS 1.0 _must_ be disabled as per the PCI spec (aka 2/3 of the time available to get this done since opening the request has now passed!). At this rate will have to consider migration in case GCP doesn't get it done in time. Can't wait around until the last minute the find ourselves knowingly non compliant.

    From https://groups.google.com/forum/#!topic/gce-discussion/Df8f6OPE4X8 "There are no future plans that can be provided on this matter". What?

    Mike commented  · 

    Does Google not consider PCI compliance a priority? Amazon addressed this over 6 years ago.
    https://forums.aws.amazon.com/thread.jspa?messageID=213393

    Mike shared this idea  · 

Feedback and Knowledge Base