Solved: Can I disable TLS 1.3 on HTTPS Load Balancer?

younghunyun · 12-12-2022 04:33 PM

Hello

I checked the SSL policy in the frontend configuration of the HTTPS load balancer. When creating a new SSL policy instead of default, the minimum TLS version is selectable. There is no options to deny or disable TLS version.

The person currently developing the service is requesting that TLS 1.3 be disabled. Can I deny or disable TLS 1.3 on the GCP configuration? Or should I guide the persion that it is the client area that calls LB and it is not handling in GCP resource?

Marvin_Lucero

Hi @younghunyun ,

TLS 1.3 is enabled by default as part of Google Cloud's improvement of Internet protocols. This is a feature and not an option that can be disabled or skipped when setting up SSL policies.

View solution in original post

kumards

Hi @younghunyun ,

If the requirement to disable TLS 1.3 is because the clients of the app/service support only older SSL features, then choosing the COMPATIBLE profile for the SSL policy might be something that you can consider.

Relevant documentation: https://cloud.google.com/load-balancing/docs/ssl-policies-concepts#defining_an_ssl_policy

View solution in original post

Marvin_Lucero

Hi @younghunyun ,

TLS 1.3 is enabled by default as part of Google Cloud's improvement of Internet protocols. This is a feature and not an option that can be disabled or skipped when setting up SSL policies.

kumards

Hi @younghunyun ,

If the requirement to disable TLS 1.3 is because the clients of the app/service support only older SSL features, then choosing the COMPATIBLE profile for the SSL policy might be something that you can consider.

Relevant documentation: https://cloud.google.com/load-balancing/docs/ssl-policies-concepts#defining_an_ssl_policy