OWASP / passfault

OWASP Passfault evaluates passwords and enforces password policy in a completely different way.
https://passfault-hrd.appspot.com
Apache License 2.0

cookie interception #35

Closed kts8 closed 9 years ago

kts8 commented 9 years ago

The website uses an outdated encryption protocol, TLSv1.0; this will make the cookies vulnerable to a sniffer that already has a database on hand. The encryption can simply be updated to 2.0, which addresses this exact issue.

c-a-m commented 9 years ago

I used Qualys SSLLabs to analyze https://passfault.appspot.com and I identified that SSLv3.0 is still in use. https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack

That is a problem that I can't resolve because SSL is implemented by app engine. (At least I couldn't find it looking around the app engine dashboard and support forums).
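The thread's two findings (TLSv1.0 offered, SSLv3.0 still enabled) are the kind of thing a deployment owner wants to re-check themselves after a provider change. Below is an added example, not code from Passfault or from either commenter, that pins a TLS client to one protocol version at a time and reports which versions the server will actually negotiate, then flags the deprecated ones. It assumes a TLS server reachable on port 443 and uses only Python's standard `ssl` and `socket` modules; the names `probe_version`, `scan`, `findings`, `DEPRECATED` and `PROBE_VERSIONS` are mine. Python's `ssl` module cannot offer SSLv3 at all (upstream removed it), so the script covers TLS 1.0 through 1.3 and leaves SSLv3 to an external scanner such as the SSL Labs test the second comment used.

```python
"""Probe which TLS protocol versions a server negotiates and flag deprecated ones.

Added example for this issue thread; not part of Passfault. Assumes the target
speaks TLS on port 443. SSLv3 is not probed: modern OpenSSL/Python builds
cannot even offer it, so use an external scanner for that check.
"""
import socket
import ssl
import sys

# Versions a defender treats as findings: SSLv3 is broken by POODLE, and
# TLS 1.0/1.1 are deprecated by RFC 8996.
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}

# (label, ssl.TLSVersion) pairs this script can actually offer.
PROBE_VERSIONS = [
    ("TLSv1", ssl.TLSVersion.TLSv1),
    ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2),
    ("TLSv1.3", ssl.TLSVersion.TLSv1_3),
]


def probe_version(host, version, port=443, timeout=5.0):
    """Handshake with the client pinned to exactly `version`.

    Returns True if the server completed the handshake, False if it refused,
    and None if the local OpenSSL cannot offer that version at all (so the
    result says nothing about the server).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only the negotiated protocol version matters here, not the certificate
    # chain, so certificate checks are switched off for the probe.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
    except ValueError:
        return None  # this OpenSSL build does not support the version
    # Old versions are often blocked by the OpenSSL security level on the
    # client side; lower it so the result reflects the server, not the client.
    # LibreSSL builds do not understand @SECLEVEL, so failure is ignored.
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() is not None
    except (ssl.SSLError, OSError):
        return False


def scan(host, port=443):
    """Map each probe label to True/False/None as returned by probe_version."""
    return {name: probe_version(host, ver, port) for name, ver in PROBE_VERSIONS}


def findings(results):
    """Sorted labels of deprecated versions the server accepted (True only)."""
    return sorted(name for name, ok in results.items()
                  if ok is True and name in DEPRECATED)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "passfault.appspot.com"
    res = scan(target)
    for name, ok in res.items():
        state = {True: "accepted", False: "refused", None: "not probed"}[ok]
        print(f"{name:8} {state}")
    bad = findings(res)
    if bad:
        print("deprecated versions still enabled:", ", ".join(bad))
    sys.exit(1 if bad else 0)
```

Run it as `python probe_tls.py passfault.appspot.com`; the non-zero exit status makes it usable as a post-deployment check. A `None` row means the client could not offer that version, which is worth knowing because a quiet "refused" from a crippled client would otherwise look like a clean server.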