The deprecation of TLS 1.0 and 1.1 is only for AWS endpoints - that is, where you're calling an AWS service and there is an AWS "back-end" which is doing something for you. So think EC2, SQS, SNS and so on.
API Gateway, CloudFront, ALB and other AWS services are a little unusual in that there are AWS-controlled endpoints for those services (where you call the AWS API to create, modify or delete resources) but you can also create endpoints for your end-users to call your applications. It is your choice as to what ciphers and protocols you use.
AWS is not deprecating the use of TLS 1.0 and 1.1 on customer-created endpoints - that is: your endpoints that you have created in API Gateway (or other services that allow endpoints to be created). We strongly encourage you to migrate away from TLS 1.0 and 1.1 to more secure alternatives (TLS 1.2 and 1.3) but it is up to you to do that.
So in this case your API endpoints in API Gateway will continue to operate past June 2023. Again: Please make an effort to upgrade your clients and the endpoints themselves - it's a better thing for you and your end-users.
Update: And thanks to a handy tip from a colleague, here's a talk from our re:Inforce conference that addresses this particular issue.
OK, so theoretically public Lambda URLs won't be impacted?
Theoretically, sure. But if I were creating an application (and endpoint) today I would not be choosing the older TLS versions. I appreciate that there are legacy devices and software out there but at some point it's better to do the hard work and ensure that modern protocols are used.
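An added example, not part of the original thread and not AWS tooling: a Python check over saved JSON from `aws apigateway get-domain-names` and `aws cloudfront list-distributions` that flags customer-created endpoints whose policy still permits TLS 1.0 or 1.1. The sample documents are constructed, and the domain names, distribution IDs and the unknown policy name are placeholders.

```python
# Policy name -> lowest protocol version that policy lets a client negotiate.
APIGW_FLOOR = {"TLS_1_0": "TLSv1.0", "TLS_1_2": "TLSv1.2"}
CLOUDFRONT_FLOOR = {
    "SSLv3": "SSLv3", "TLSv1": "TLSv1.0", "TLSv1_2016": "TLSv1.0",
    "TLSv1.1_2016": "TLSv1.1", "TLSv1.2_2018": "TLSv1.2",
    "TLSv1.2_2019": "TLSv1.2", "TLSv1.2_2021": "TLSv1.2",
}
LEGACY = {"SSLv3", "TLSv1.0", "TLSv1.1"}


def _row(service, endpoint, policy, table):
    floor = table.get(policy)  # None for a policy name this script does not know
    if floor is None:
        status = "review"      # unknown policy: check by hand rather than guess
    else:
        status = "legacy" if floor in LEGACY else "ok"
    return {"service": service, "endpoint": endpoint, "policy": policy,
            "min_tls": floor, "status": status}


def audit_apigw(doc):
    """doc: parsed JSON from `aws apigateway get-domain-names`."""
    return [_row("apigateway", d.get("domainName"), d.get("securityPolicy"), APIGW_FLOOR)
            for d in doc.get("items", [])]


def audit_cloudfront(doc):
    """doc: parsed JSON from `aws cloudfront list-distributions`."""
    items = doc.get("DistributionList", {}).get("Items") or []
    return [_row("cloudfront", d.get("Id"),
                 d.get("ViewerCertificate", {}).get("MinimumProtocolVersion"),
                 CLOUDFRONT_FLOOR) for d in items]


# Constructed sample documents (placeholder names and IDs, not real resources).
SAMPLE_APIGW = {"items": [
    {"domainName": "api.example.com", "securityPolicy": "TLS_1_2"},
    {"domainName": "legacy.example.com", "securityPolicy": "TLS_1_0"},
    {"domainName": "new.example.com", "securityPolicy": "EXAMPLE_UNKNOWN_POLICY"},
]}
SAMPLE_CLOUDFRONT = {"DistributionList": {"Items": [
    {"Id": "EXAMPLEDIST1", "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1.2_2021"}},
    {"Id": "EXAMPLEDIST2", "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1"}},
]}}

if __name__ == "__main__":
    for r in audit_apigw(SAMPLE_APIGW) + audit_cloudfront(SAMPLE_CLOUDFRONT):
        print(f'{r["status"]:7} {r["service"]:11} {str(r["endpoint"]):20} {r["policy"]}')
```

Rows marked `legacy` are the endpoints to move to a TLS 1.2 or later policy once client compatibility has been confirmed; rows marked `review` carry a policy name the table does not cover.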