Just wanted to update that there indeed still is support for forward secrecy for some browsers, but not for all that would support it, that's why the ssllabs report isn't "green" regarding forward secrecy (which it used to be earlier iirc => maybe they've made the test stricter).
Any input on this would be highly appreciated as we as customers who host on app engine can't do anything about it (improve the situation) from what I understand. On Tuesday, September 17, 2013 2:41:17 AM UTC-7, Thomas Schranz wrote: > > It looks like using custom domains on app engine are no longer protected > by TLS forward secrecy: > > https://www.ssllabs.com/ssltest/analyze.html?d=blossom.io&s=74.125.34.52 > > Am I reading the ssllabs results the wrong way or did the behaviour change? > I just checked the results with an appspot domain now as well and it also > says 'forward secrecy: NO' > > Can anyone confirm? > > On Monday, July 8, 2013 6:04:53 PM UTC-7, Thomas Schranz wrote: >> >> Thanks a lot for your reply Wolfram. It indeed looks like all custom >> domains on app engine support forward secrecy now: >> https://www.ssllabs.com/ssltest/analyze.html?d=blossom.io&s=74.125.34.52 >> >> as far as I understand this was not the case at the time I posted to the >> group but I'm pretty happy about this & hope it stays like that :) >> >> On Monday, July 8, 2013 2:42:51 AM UTC-7, Wolfram Gürlich wrote: >>> >>> AFAIK forward secrecy is the only available option with all Google >>> services including custom domains. At least it says it uses "ECDHE_RCA" >>> when you look at the SSL connection info. >>> >>> -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/groups/opt_out.
