October 16th, 2008 | Published in Google App Engine
One of the most frequently requested features for App Engine has been HTTPS serving capabilities. Today we're excited to announce that App Engine now supports incoming HTTPS connections using a certificate valid for all appspot.com URLs. Here's how it works:
app.yamlfiles now support a new handler attribute, called "secure":
- url: /accounts/.* script: admin.py login: admin secure: always
This attribute can be set to either
never(default), and determines the behavior of the handler for HTTP and HTTPS requests. See our documentation for more details.
- HTTPS requests have their own bandwidth quotas, but also count toward your total bandwidth quotas. You can monitor these quotas on your Admin Console Dashboard.
You may be wondering why we're only supporting appspot.com right now, and not arbitrary Google Apps domains. This has to do with fundamental limitations in the SSL protocol. We're currently investigating workarounds for this using e.g. SNI, which provides a viable solution for newer browsers--we'll keep you posted!
As always, please tell us what you think in our Google Group, and let us know what else you'd like to see!