
Enforcing TLS 1.2+ on GTM Server-Side Tagging Server (App Engine)

I have set up a Google Tag Manager (GTM) server-side tagging server for one of my clients. The tagging server uses the domain, while the client's primary domain is www.example.com. This setup has been running smoothly for over a year.

Recently, the client's IT team updated their security policy to only allow TLS connections that are equal to or greater than TLS 1.2. However, the tagging server (tagging.example.com) is still allowing connections with TLS versions lower than 1.2. This is raising concerns about potential security vulnerabilities, and the client’s IT team has requested that we resolve this issue as soon as possible.

Could someone please guide me on how to ensure that the GTM server-side tagging server only allows TLS 1.2 or higher? I appreciate any insights or solutions on how to implement this in the current setup.

Thanks in advance!

2 ACCEPTED SOLUTIONS

Hi @chandrakant,

Welcome to Google Cloud Community!

It is possible to require TLS 1.2 or higher for your Google Tag Manager (GTM) server-side tagging server; however, this will vary depending on your infrastructure. There are no native TLS controls in GTM, so you must manage this using Google Cloud services.

Recommendations:

  • Use Google Cloud Load Balancer (GCLB) to Enforce TLS 1.2+: Set up a Google Cloud Load Balancer with an SSL policy to restrict connections to TLS 1.2 or higher. This will ensure your tagging server meets the new security requirements.
  • Use a Network Endpoint Group (NEG) Load Balancer: Set up a NEG load balancer with the SSL policy. NEGs help you control traffic to serverless services, enforcing your TLS requirements.
  • Check TLS Integration in Google Tag Manager: While GTM relies on Google Cloud infrastructure for security, you may check the Server-Side Tags Manager documentation or consult the Google Tag Manager community to see if there are any GTM-specific settings for enforcing TLS.
  • Contact Google Cloud Support: If you have a support package, reach out to Google Cloud Support with detailed information and screenshots for a more in-depth analysis.

I hope the above information is helpful.
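
The load balancer route from the answer above, written out as an added example that is not part of the original thread: an SSL policy with a TLS 1.2 minimum attached to an external HTTPS load balancer that reaches App Engine through a serverless NEG. The resource names, `REGION`, `GAE_SERVICE` and the dry-run wrapper are assumptions for illustration; the hostname is the one from the question.

```shell
#!/bin/sh
# Added example, not from the thread. Resource names, REGION and GAE_SERVICE
# are assumptions; DOMAIN is the tagging hostname from the question.
DOMAIN="${DOMAIN:-tagging.example.com}"
REGION="${REGION:-us-central1}"        # assumption: must be the App Engine app's region
GAE_SERVICE="${GAE_SERVICE:-default}"  # assumption: service hosting the tagging server
PREFIX="${PREFIX:-sgtm}"               # assumption: prefix for the new resources

# Prints each command unless DRY_RUN=0, so the plan can be reviewed first.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

enforce_tls12() {
  # SSL policy: the load balancer refuses TLS 1.0 and 1.1 handshakes.
  run gcloud compute ssl-policies create "$PREFIX-tls12" \
    --profile MODERN --min-tls-version 1.2 || return 1
  # Serverless NEG that routes to the App Engine service.
  run gcloud compute network-endpoint-groups create "$PREFIX-neg" \
    --region "$REGION" --network-endpoint-type serverless \
    --app-engine-service "$GAE_SERVICE" || return 1
  run gcloud compute backend-services create "$PREFIX-backend" \
    --global --load-balancing-scheme EXTERNAL_MANAGED || return 1
  run gcloud compute backend-services add-backend "$PREFIX-backend" --global \
    --network-endpoint-group "$PREFIX-neg" \
    --network-endpoint-group-region "$REGION" || return 1
  run gcloud compute url-maps create "$PREFIX-map" \
    --default-service "$PREFIX-backend" || return 1
  # Google-managed certificate; issued once DNS for DOMAIN points at the LB.
  run gcloud compute ssl-certificates create "$PREFIX-cert" \
    --domains "$DOMAIN" --global || return 1
  # The HTTPS proxy is where the SSL policy is attached.
  run gcloud compute target-https-proxies create "$PREFIX-proxy" \
    --url-map "$PREFIX-map" --ssl-certificates "$PREFIX-cert" \
    --ssl-policy "$PREFIX-tls12" || return 1
  run gcloud compute forwarding-rules create "$PREFIX-https" --global \
    --load-balancing-scheme EXTERNAL_MANAGED \
    --target-https-proxy "$PREFIX-proxy" --ports 443 || return 1
  # Close the direct App Engine path, which the SSL policy does not cover.
  run gcloud app services update "$GAE_SERVICE" \
    --ingress internal-and-cloud-load-balancing || return 1
}

enforce_tls12
```

Repoint DNS for the tagging hostname at the load balancer's IP before applying the final ingress step, since that step cuts off direct App Engine access. Afterwards, `openssl s_client -connect tagging.example.com:443 -tls1_1` should fail to complete a handshake.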


Hi @greb 

Thank you for the recommendations regarding enforcing TLS 1.2 or higher for our Google Tag Manager (GTM) server-side tagging server.

I have implemented the initial solution; however, applying an SSL policy for the App Engine service would be quite complex. Therefore, I have requested the client to consider migrating to the Cloud Run service. This transition would provide a more straightforward setup for applying the SSL policy and effectively restrict TLS connections to version 1.2 and above.

I appreciate your guidance. 

 

Regards,
Chandrakant

 
