We have a Java app on Google App Engine. We use Google's custom domains and SSL support. A recent security audit has found two issues that we need to resolve relating to th
I heard back from two incredibly helpful GCE engineers; the gist of it is:
"the settings are shared with the servers serving most Google services, balancing client compatibility with modern best practices"
"[App Engine] runs our standard GFE configuration"
"While we deprecate what we can, we have to balance that with compatibility. Modern browsers do not allow the configuration of a TLS connection to be downgraded and so supporting older protocols like TLS 1.0 doesn't affect them."
So basically, it's good enough for Google, and their security teams are making those security choices based on a number of factors. As they see fit, they will deprecate the older versions.