Hello Alex, I found this Stack Overflow question <https://stackoverflow.com/questions/31865325/node-js-tls-request-with-specific-ciphers> which explains how you can enforce the use of TLS 1.2 and of specific ciphers using NodeJS.
Regarding Google's stance on TLS and ciphers, please read this article on commonly reported SSL/TLS vulnerabilities <https://sites.google.com/site/bughunteruniversity/nonvuln/commonly-reported-ssl-tls-vulnerabilities> . I hope this helps! On Tuesday, January 23, 2018 at 10:10:09 AM UTC-5, Alex Komarovsky wrote: > > Our application hosted on Google App Engine Node.js (Flexible > Environment). We are now under review of security inspection and failing on > the issue that our application supports TLS 1.0 and 1.1 versions. > > > Is there a way to enforce the use of only TLS 1.2? And also block ciphers > that are below 128 bit? > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/64b8e722-dabe-4792-84d4-b640af9b96d7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
