1 Answer
Hi Matteo,
I should read in detail https://aws.amazon.com/blogs/security/tls-1-2-required-for-aws-endpoints/
It will give you all details about the switch to this new version of TLS:
https://aws.amazon.com/blogs/security/tls-1-2-required-for-aws-endpoints/
If you are one of the AWS customers who may be impacted, we will notify you on your AWS Health
Dashboard, and by email. After June 28, 2023, AWS will update our API endpoint configuration to
remove TLS 1.0 and TLS 1.1, even if you still have connections using these versions.
So, the Health Dashboard mentioned above will tell you which endpoints you have to fix (if any).
Didier
Hi Didier,
first of all thank you very much for your kind answer.
The affected resource is this (eu-central-1 | BUCKET NAME | REST.GET.OBJECT | TLSv1 | 2 | [Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36]), and I fixed it as suggested in those discussions below:
https://repost.aws/it/questions/QU_1sNZ8ctQb6eLrVYBQ-kSw/s3-transfer-acceleration-older-tls-versions
https://repost.aws/it/questions/QUWuLiWYYUTwayodvSCYNZ2g/how-to-restrict-s3-to-latest-tls
Here is the old privacy policy:
```json
{
  "Version": "XXXX-XX-XX",
  "Statement": [
    {
      "Sid": "AllowPublicRead",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::BUCKET NAME/*"
    }
  ]
}
```
While the updated one looks like this:
```json
{
  "Version": "XXXX-XX-XX",
  "Statement": [
    {
      "Sid": "EnforceTLSv12orHigher",
      "Effect": "Deny",
      "Principal": { "AWS": "*" },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::BUCKET NAME/*",
      "Condition": {
        "NumericLessThan": { "s3:TlsVersion": "1.2" }
      }
    }
  ]
}
```
Do you think the problem related to TLS connection is solved now? Thanks a lot!
Matteo
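
An added example, not part of the thread and not AWS code: a small Python check that a bucket policy denies requests below TLS 1.2 for every principal and every S3 action, and reports which of the bucket's two ARNs (the bucket itself and its objects) that Deny leaves uncovered. The bucket name `example-bucket` and the names `tls_gaps` and `deny_below_tls12` are assumptions made for the example.

```python
def _as_list(value):
    """IAM policy fields may hold one value or a list of values."""
    return value if isinstance(value, list) else [value]

def _is_everyone(principal):
    """True for "*" or {"AWS": "*"}, the forms that match every caller."""
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def tls_gaps(policy, bucket, minimum=1.2):
    """List the reasons `policy` fails to deny TLS below `minimum` on `bucket`.

    Simplification: ARNs and actions are compared as literal strings, so a
    Deny written with narrower actions or other wildcards is not credited.
    """
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    covered = set()
    for stmt in _as_list(policy.get("Statement", [])):
        limit = stmt.get("Condition", {}).get("NumericLessThan", {}).get("s3:TlsVersion")
        if stmt.get("Effect") != "Deny" or limit is None:
            continue
        # Listed values are ORed, so the largest one is the effective bound;
        # a bound of "1.1" would still admit TLS 1.1.
        if max(float(v) for v in _as_list(limit)) < minimum:
            continue
        if not _is_everyone(stmt.get("Principal")):
            continue
        if not {"s3:*", "*"} & set(_as_list(stmt.get("Action", []))):
            continue
        covered |= wanted & set(_as_list(stmt.get("Resource", [])))
    if not covered:
        return [f"no Deny for all principals and s3:* with s3:TlsVersion < {minimum}"]
    return [f"{arn} is not covered by the TLS Deny" for arn in sorted(wanted - covered)]

def deny_below_tls12(resources):
    """Constructed sample: a Deny statement shaped like the one in the thread."""
    return {"Version": "XXXX-XX-XX", "Statement": [{
        "Sid": "EnforceTLSv12orHigher", "Effect": "Deny",
        "Principal": {"AWS": "*"}, "Action": "s3:*", "Resource": resources,
        "Condition": {"NumericLessThan": {"s3:TlsVersion": "1.2"}}}]}

if __name__ == "__main__":
    objects_only = deny_below_tls12("arn:aws:s3:::example-bucket/*")
    both = deny_below_tls12(["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"])
    print(tls_gaps(objects_only, "example-bucket"))
    print(tls_gaps(both, "example-bucket"))
```

An empty list means the Deny covers both the bucket ARN and its objects; the check says nothing about which requests other statements allow.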