Thursday, October 16, 2008

Announcing HTTPS support for appspot.com!

One of the most frequently requested features for App Engine has been HTTPS serving capabilities. Today we're excited to announce that App Engine now supports incoming HTTPS connections using a certificate valid for all appspot.com URLs. Here's how it works:

  • app.yaml files now support a new handler attribute, called "secure":
    - url: /accounts/.*
      script: admin.py
      login: admin
      secure: always
    

    This attribute can be set to either always, optional, or never (default), and determines the behavior of the handler for HTTP and HTTPS requests. See our documentation for more details.

  • HTTPS requests have their own bandwidth quotas, but also count toward your total bandwidth quotas. You can monitor these quotas on your Admin Console Dashboard.

You may be wondering why we're only supporting appspot.com right now, and not arbitrary Google Apps domains. This has to do with fundamental limitations in the SSL protocol. We're currently investigating workarounds for this using e.g. SNI, which provides a viable solution for newer browsers--we'll keep you posted!

As always, please tell us what you think in our Google Group, and let us know what else you'd like to see!

No comments: