Search code examples
firebasesslencryptionfirebase-hosting

How to disable weak SSL ciphers on firebase hosting

My firebase.json file looks like

{
      "hosting": {
        "public": "dist",
        "ignore": [
          "firebase.json",
          "**/.*",
          "**/node_modules/**"
        ],
        "rewrites": [{
          "source": "**",
          "destination": "/index.html"
        }],
        "headers": [{
          "source": "**",
          "headers": [{
              "key": "Access-Control-Allow-Origin",
              "value": "*"
            },
            {
              "key": "X-Frame-Options",
              "value": "DENY"
            },
            {
              "key": "X-Content-Type-Options",
              "value": "nosniff"
            },
            {
              "key": "X-XSS-Protection",
              "value": "1; mode=block"
            }
          ]
        }]
      }
    }

want to know how can I disable weak SSL cipher

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
Solution

  • You can't. Firebase Hosting completely manages TLS configuration. You can derive that based on the following statements in their documentation:

    • "Zero-configuration SSL is built into Firebase Hosting, so content is always delivered securely."
    • "All content is served over an SSL connection from the closest edge server on our global CDN."
    • "Firebase automatically provisions SSL certificates for all your domains so that all your content is served securely."

    Firebase Hosting Documentation