google-cloud-run custom-domain ssl-security

Disable Weak Cipher suites for Google Cloud Run custom domain?


We use a custom domain for our clients on Google Cloud Run. Since the custom domain gets an SSL certificate auto-assigned, we can't yet upload our own SSL certificate for the domain. However, our clients have been reporting that a weak cipher, TLS_RSA_WITH_3DES_EDE_CBC_SHA, is used in all the domains hosted here. Is there a way to disable this for a custom domain?


Solution

    1. You cannot change the TLS policy of Cloud Run to remove that cipher.
    2. If you must solve this problem, create an HTTP(S) Load Balancer, create a TLS Policy and assign it to the load balancer, create a backend for Cloud Run, and move your custom domain to the load balancer.

    I would not worry about the cipher unless you have a specific environment that requires that level of control. In that case, move the Cloud Run service to Compute Engine where you can control almost all details of the TLS policy via Apache configuration.

    You can either benefit from the ease of use that Cloud Run offers or select to build your own services that control the TLS policy. In my opinion, Cloud Run is more secure than the general purpose default Apache/Nginx configuration. Unless you understand the TLS details, you can create a service that either does not function for all clients or is even less secure.
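
The load balancer route from step 2, written out as gcloud commands. This is an added example, not part of the original answer; the resource prefix, region, service name and domain are placeholder assumptions, and the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example. PREFIX, REGION, SERVICE and DOMAIN are placeholder assumptions.
# Dry-run by default: commands are printed. Set APPLY=1 to execute them.
PREFIX="${PREFIX:-run-lb}"
REGION="${REGION:-us-central1}"
SERVICE="${SERVICE:-my-service}"
DOMAIN="${DOMAIN:-app.example.com}"

run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

build_lb() {
  # TLS policy: the MODERN and RESTRICTED profiles omit
  # TLS_RSA_WITH_3DES_EDE_CBC_SHA; COMPATIBLE keeps it.
  run gcloud compute ssl-policies create "$PREFIX-tls" \
      --profile=MODERN --min-tls-version=1.2 --global &&
  # Backend for Cloud Run: a serverless NEG attached to a backend service.
  run gcloud compute network-endpoint-groups create "$PREFIX-neg" \
      --region="$REGION" --network-endpoint-type=serverless \
      --cloud-run-service="$SERVICE" &&
  run gcloud compute backend-services create "$PREFIX-backend" \
      --global --load-balancing-scheme=EXTERNAL_MANAGED &&
  run gcloud compute backend-services add-backend "$PREFIX-backend" \
      --global --network-endpoint-group="$PREFIX-neg" \
      --network-endpoint-group-region="$REGION" &&
  run gcloud compute url-maps create "$PREFIX-map" \
      --default-service="$PREFIX-backend" --global &&
  # Google-managed certificate for the custom domain.
  run gcloud compute ssl-certificates create "$PREFIX-cert" \
      --domains="$DOMAIN" --global &&
  # The HTTPS proxy is where the TLS policy is attached.
  run gcloud compute target-https-proxies create "$PREFIX-proxy" \
      --url-map="$PREFIX-map" --ssl-certificates="$PREFIX-cert" \
      --ssl-policy="$PREFIX-tls" --global &&
  # Public entry point: reserved address plus forwarding rule on 443.
  run gcloud compute addresses create "$PREFIX-ip" \
      --network-tier=PREMIUM --ip-version=IPV4 --global &&
  run gcloud compute forwarding-rules create "$PREFIX-https" \
      --global --load-balancing-scheme=EXTERNAL_MANAGED \
      --network-tier=PREMIUM --address="$PREFIX-ip" \
      --target-https-proxy="$PREFIX-proxy" --ports=443
}

build_lb
```

Moving the custom domain then means pointing its DNS A record at the reserved address instead of the Cloud Run domain mapping. The managed certificate is only provisioned once the domain resolves to the load balancer.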