Assigned
Status Update
No update yet.
Comments
qu...@gmail.com
I have forwarded your request to our engineering team. I cannot provide an E.T.A. or guarantee that this feature will be deployed. Rest assured that your feedback is always seriously taken. Any future updates will be posted on this thread.
qu...@gmail.com
Is there any progress with that feature request?
ji...@google.com
I'm also very interested in having this extension in cloudsql for postgres since it's blocking the emigration of one of ours databases
qu...@gmail.com
+1 to voting for the ip4r extension. Currently not supported in Cloud SQL and we make use of it.
ll...@google.com
da...@pcg.io
Any updates on this? It's blocking a migration from RDS to google cloud.
an...@gmail.com
+1
jk...@radformation.com
+1
ad...@salemtech.in
+1
Description
Scanning Cloud SQL running MySQL has this vulnerability
Shows:
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
What you expected to happen:
Does not show this warning
Steps to reproduce:
1. Create MySQL Cloud SQL box
2. run nmap:
nmap -p 3307 -Pn --script ssl-enum-ciphers [CloudSQL.MySQL.ExternalIP]
Other information (workarounds you have tried, documentation consulted, etc):
1. PostgreSQL has this setting: ssl_min_protocol_version which can be set to tlsv1.3 to prevent weak ciphers.
2. Attempt to spin up PostgreSQL CloudSQL box.
3. Scan at port 5432 doesn't report. But feels like doesn't matter what Engine you choose, it seems like it uses the same VM Images that run a the engine of your Choice. Although Postgres run on port 5432, 3307 is still open. Thus scanning on 3307 still show vulnerability although Postgres does not use that port.
4. Even if this go through,