I’m securing my Google Cloud SQL Instance to be PCI DSS compliant, but when I’m scanning the server I get a critical warning over port 3307 saying that accepting a TLSv1.0 is not permitted. Where can I upgrade the TLS version to be at least 1.2? or how can I disable the 3307 port in Cloud SQL?
I have already tried to block the port 3307 with a firewall rule, but it seems that firewall rules don't affect the SQL instance.
At this time, setting the SSL Policy for Cloud SQL is not supported.
Google Cloud supports SSL policies: https://console.cloud.google.com/net-security/sslpolicies/
However, at this time, SSL policies are only supported for Load Balancers and SSL Proxies. SSL policies do not yet support Cloud SQL.
I am not sure what you mean by a firewall rule. Access to Cloud SQL is via whitelisted IP addresses or Cloud SQL Proxy. You should not, without good reason, be opening Cloud SQL to the whole world.
At this time, I am not aware of a method to change port numbers. Did you mean port 3306 instead of 3307?
For PCI compliance, I would not use a public IP address and instead, I would use Google Cloud SQL Proxy.