By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

s3 tls update still, getting email from aws that s3 tls is 1 instaed of 1.2

0

I have updated the policy for s3 bucket and we made the necessary changes from the coding side as well. I have checked the OpenSSL version in my server as well it's 1.2. Still, aws are saying that the bucket has tls version is 1. Can anyone guide me now on what is wrong here? Thank you!! Used this doc as well: https://repost.aws/knowledge-center/s3-enforce-modern-tls

Topics
Storage
Tags
Storage
Language
English
rePost-User-2163669
asked 10 months ago300 views
1 Answer
0

This article provides information on the changes and how to find what is still making TLS 1.0 and 1.1 calls.

https://aws.amazon.com/blogs/security/tls-1-2-required-for-aws-endpoints/

AWS CloudTrail records are especially useful to identify if you are using the outdated TLS versions. You can now search for the TLS version used for your connections by using the recently added tlsDetails field. The tlsDetails structure in each CloudTrail record contains the TLS version, cipher suite, and the client-provided host name used in the service API call, which is typically the fully qualified domain name (FQDN) of the service endpoint. You can then use the data in the records to help you pinpoint your client software that is responsible for the TLS 1.0 or 1.1 call, and update it accordingly. Over half of AWS services currently provide the TLS information in the CloudTrail tlsDetails field, and we are continuing to roll this out for the remaining services in the coming months.

profile pictureAWS
EXPERT
iBehr
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content