How to resolve TLS 1.0 and 1.1 connection AWS API

0

Hi,

We are getting mails saying that the use of AWS APIs with TLS versions 1.0 and 1.1 will be deprecated and that we must update our services to use TLS version 1.2:

"We have identified TLS 1.0 or TLS 1.1 connections to AWS APIs from your account that must be updated for you to maintain AWS connectivity. Please update your client software as soon as possible to use TLS 1.2 or higher to avoid an availability impact."

We are using S3, SES SMTP, Load Balancer and EC2 services in our account. As I understand it, if we update the AWS SDK in our application to access SES and S3 resources, the TLS version can be updated to 1.2.

Please correct me if I'm wrong. Also, help me understand how we can resolve the TLS update on all our affected services.

Thanks and Regards, Sudhanshu Shekhar

  • Could you add the AWS SDK version you are using?

asked 6 months ago
301 views
2 Answers
1

Hi,

I would start by identifying the source of the calls (to S3, SES, etc.) and then review the host configuration. You may have to upgrade your OS, upgrade .NET if using .NET, enable TLS 1.2, upgrade the AWS SDK...

Our blog post is a good starting point. We also have other references that I am including below; hopefully they help you get started:

[1] Enabling TLS 1.2 EC2 Windows Server 2012 to 2022: https://repost.aws/articles/ARZhgX8RY2Qm6KL1IDpkMv_g/enabling-tls-1-2-client-side-support-on-ec2-windows-server-2012-to-2022

[2] Continued support of TLS 1.0/1.1 for my S3 buckets: https://repost.aws/knowledge-center/s3-access-old-tls

[3] Enforcing TLS 1.2 for S3: https://repost.aws/knowledge-center/s3-enforce-modern-tls

[4] How do I find the SMTP clients using deprecated TLS versions?: https://repost.aws/articles/ARpq6we7zwQNCbkGL5IhAarg/how-do-i-find-the-smtp-clients-using-deprecated-tls-versions

[5] How do I find IP addresses of SMTP Clients behind a NAT gateway?: https://repost.aws/articles/ARevUPGDKvRyant5D1MA7yZg/how-do-i-find-ip-addresses-of-smtp-clients-behind-a-nat-gateway

Please note the deadline was June 28, 2023, and our service teams have been gradually rolling out changes to all endpoints since that date.

AWS
EXPERT
answered 6 months ago
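
One way to carry out the "identify the source of the calls" step from the answer above, shown as an added example (not part of the original answer and not AWS's own code). It assumes CloudTrail is recording the account's API calls and reads the `tlsDetails.tlsVersion` field of each record; the log records, ARNs, IPs and user agents are constructed samples. SMTP clients are the subject of references [4] and [5] instead.

```python
import json
from collections import Counter

DEPRECATED = {"TLSv1", "TLSv1.1"}

def _rec(source, name, ip, agent, arn, tls=None):
    """Build one constructed record shaped like a CloudTrail event."""
    rec = {"eventSource": source, "eventName": name, "sourceIPAddress": ip,
           "userAgent": agent, "userIdentity": {"arn": arn}}
    if tls:
        rec["tlsDetails"] = {"tlsVersion": tls}
    return rec

# Constructed sample log (not real data); ARNs, IPs and user agents are made up.
APP = "arn:aws:iam::111122223333:user/legacy-app"
OPS = "arn:aws:iam::111122223333:role/ops"
SAMPLE_LOG = json.dumps({"Records": [
    _rec("s3.amazonaws.com", "ListBuckets", "203.0.113.10", "old-sdk/1.0", APP, "TLSv1"),
    _rec("s3.amazonaws.com", "GetBucketLocation", "203.0.113.10", "old-sdk/1.0", APP, "TLSv1"),
    _rec("ec2.amazonaws.com", "DescribeInstances", "198.51.100.7", "old-cli/1.0", OPS, "TLSv1.1"),
    _rec("elasticloadbalancing.amazonaws.com", "DescribeLoadBalancers",
         "198.51.100.7", "new-cli/2.0", OPS, "TLSv1.2"),
    _rec("ec2.amazonaws.com", "DescribeVolumes", "198.51.100.7", "new-cli/2.0", OPS),
]})

def find_legacy_tls_callers(cloudtrail_json):
    """Count calls made over TLS 1.0/1.1, grouped by
    (service, source IP, user agent, principal ARN, TLS version)."""
    callers = Counter()
    for rec in json.loads(cloudtrail_json).get("Records", []):
        version = (rec.get("tlsDetails") or {}).get("tlsVersion")
        if version not in DEPRECATED:
            continue  # TLS 1.2 or higher, or no TLS details in the record
        key = (rec.get("eventSource"), rec.get("sourceIPAddress"),
               rec.get("userAgent"), (rec.get("userIdentity") or {}).get("arn"),
               version)
        callers[key] += 1
    return callers

if __name__ == "__main__":
    report = find_legacy_tls_callers(SAMPLE_LOG)
    for (svc, ip, agent, arn, ver), n in report.most_common():
        print(f"{n:3d}  {ver:8s} {svc:20s} {ip:15s} {agent}  {arn}")
```

Each row of the report names a host and client (source IP plus user agent) whose OS, runtime or SDK needs the upgrade the answer describes.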
0
AWS
EXPERT
David
answered 6 months ago
