Re: AppEngine is now able to block TLS 1.0 and 1.1

OddPrints · 03-17-2025 05:19 AM

For some reason, I'm not able to reply to this post: https://www.googlecloudcommunity.com/gc/General-Misc-Q-A/How-to-Disable-TLS-1-0-and-1-1-in-AppEngine...

(/cc @Fabiotbp @mslarkin @chrisgoodman @Codiak @OliRM )

But as of now (March 2025), Google AppEngine is able to block TLS 1.0 and 1.1 without requiring a load balancer, huzzah! https://cloud.google.com/appengine/docs/standard/secure-minimum-tls

This is great news if your site was requiring PCI compliance from an external scanner like SecurityMetrics.

chrisgoodman

Brilliant! It hasn't rolled out to my projects yet but I will lookout for it.
That other thread seems to be locked now. I guess those discussions will soon be out of date and misleading.

OddPrints

Looks like they've reverted something since yesterday already! The docs have been taken back down and my option has vanished from the settings.

Hopefully, they're just fixing something they missed and it'll be back soon 🤞

Franck2903

Same for me, and without any message from google.

SC001

This option is available again, but selecting a minimum version of 1.2 for the SSL policy is not causing any enforcement, it seems.

TLS 1.0/1.1 are still accepted after setting this option 2 days ago. I tried redeploying, just in case that was needed, but no dice.

Anyone able to get this setting to actually block TLS < 1.2?