By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Implications of TLS 1.2 as Minimum Protocol for AWS API Endpoints: Does it impact on ELB and S3 etc.

0

I recently came across a notification stating, "TLS 1.2 to become the minimum TLS protocol level for all AWS API endpoints." This change prompts the question: does it affect all services on AWS? Specifically, does this mean that I can no longer integrate my applications, which are still using TLS 1.0/1.1, with Elastic Load Balancing (ELB) or S3?

Source: https://aws.amazon.com/cn/blogs/security/tls-1-2-required-for-aws-endpoints/

February 27, 2024: AWS has completed our global updates to deprecate support for TLS 1.0 and TLS 1.1 versions on our AWS service API endpoints across each of our AWS Regions and Availability Zones.

Does anyone please clarify whether this change will impact all services on AWS? Additionally, does this mean that my applications still using TLS 1.0/1.1 will no longer be able to connect to Elastic Load Balancing (ELB) or S3 or any other service on AWS?

Thank you.

Topics
Security, Identity, & ComplianceNetworking & Content DeliveryAWS Well-Architected Framework
Tags
Security, Identity, & ComplianceElastic Load BalancingSecurityAvailability
Language
English
TechTinywHITE
asked a month ago447 views
2 Answers
2

I think you are mixing things here. What it's being updated is the AWS APIs (what we usually call the control plane). So, if you want to interact with AWS via API your client (i.e. SDK or AWS cli) will need to "speak" TLS 1.2 or higher, no AWS API will support TLS 1.x. So, this has nothing to do with the listener of an ELB for your application, which our suggestion is not to use anything lower than TLS 1.2 but that's your decision.

Hope this clarifies your question.

Best,

profile pictureAWS
JuanEn_G
answered a month ago
profile picture
EXPERT
Gary Mclean
reviewed a month ago
0

Yes it is but there is a way to avoid it.
The below knowledge[1] will be help.

[1] How do I allow access to my Amazon S3 buckets to customers who do not use TLS 1.2 or higher? https://repost.aws/knowledge-center/s3-access-old-tls

AWS
EXPERT
hyp
answered a month ago
  • TechTinywHITE
    a month ago

    Sorry, after reading the article, I am even more confused. It seems the suggested solution in the article is to access S3 through a CDN (CloudFront) to address the TLS version issue. My question is, why is CloudFront still able to support TLS 1.0/1.1? According to this notification: https://aws.amazon.com/blogs/security/tls-1-2-required-for-aws-endpoints/, isn't it supposed to no longer support them, just like S3? And, can Elastic Load Balancing (ELB) still support TLS 1.0/1.1?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content