HTTPS - Google Cloud Storage vs Amazon S3

Google Cloud Storage vs Amazon S3

Last Updated: 10/28/2016

Below is a high level HTTPS security and performance comparison table between Google Cloud Storage and Amazon Simple Storage Service (S3). While cost, performance, and reliability are certainly factors in making a cloud storage decision the scope of this post is specifically limited to HTTPS.

Google Cloud Storage Amazon Simple Storage Service
Qualys SSL Labs Link
Qualys SSL Labs score A B
SSL certificate issuer Google Internet Authority G2 DigiCert Baltimore CA-2 G2
Key RSA 2048 bits RSA 2048 bits
Signature algorithm SHA256withRSA SHA256withRSA
Additional chain certificates 3 (3489 bytes)
(Note: one of the chained certs uses a weak signature algorithm SHA1)
2 (2690 bytes)
Protocol support TLS 1.2, TLS 1.1, TLS 1.0 TLS 1.2, TLS 1.1, TLS 1.0
Secure renegotiation Supported Supported
BEAST attack Not mitigated server-side Not mitigated server-side
POODLE (SSLv3) No, SSL 3 not supported No, SSLv3 not supported
Downgrade attack prevention Yes, TLS_FALLBACK_SCSV Yes, TLS_FALLBACK_SCSV
RC4 cipher support No No
Heartbleed No No
Forward secrecy With modern browsers No, weak key exchange
Next procol support h2 spdy/3.1 http/1.1 None
Session resumption (caching) Yes No (IDs assigned but not accepted)
Session resumption (tickets) Yes No
OCSP stapling No No
Strict transport security (HSTS) by default No No
HSTS preloading No No
Public key pinning (HPKP) No No