- Newest
- Most votes
- Most comments
Hello Richard,
Thanks for reaching out.
The approach to follow is to use CloudTrail to find an event that uses TLS 1.0 or TLS1.1. You will get additional information such as SourceIp or the PrincipalID. Here is a guidance on how you can use CloudTrail Lake: https://aws.amazon.com/blogs/mt/using-aws-cloudtrail-lake-to-identify-older-tls-connections-to-aws-service-endpoints/. You can use the pre-defined queries there to catch the TLS 1.0/1.1 events.
If this does not return any result, this could mean the workload is stopped or the issue was resolved. Your account manager can reach out internally as well for us to assist with more information so we can check more information for you.
For this specific entry without more details than this finding, you should follow Microsoft guidance to enable TLS 1.2 at the OS level and upgrade .Net dependencies. Please find below a few links that will share lights on this:
- TLS 1.2 OS level settings https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client
- SDK for .Net versions: https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/enforcing-tls.html
- Enforcing TLS for AWS SDK for .NET: https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/enforcing-tls.html
Hope it helps,
Jon
Relevant content
- asked 8 months ago
- asked 4 months ago
- Accepted Answerasked 9 months ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
Thanks for your reply Jon. I went through the Cloud Trail process and unless I did something absurdly wrong could find no old TLS events in the last year. But another of the [Action Required] emails came through yesterday so something is sill not right. The other tutorials seem to cover only old versions of Windows - I am using Win 11 Pro - and I couldn't see how to apply the principles. So for the moment at least I can't see how to make progress with this. I'll see if I can make contact with my account manager as you suggest Richard