Skip to content

Instantly share code, notes, and snippets.

Created April 15, 2015 16:56
Show Gist options
  • Save anonymous/4240c8af5208782c144c to your computer and use it in GitHub Desktop.
Save anonymous/4240c8af5208782c144c to your computer and use it in GitHub Desktop.
Dear AWS Customer,
Your security is important to us. This message explains some security improvements in our services. Please review the entire message carefully to determine whether your use of the services will be affected, and if so what you need to do.
As of 12:00 AM PDT April 30, 2015, AWS will discontinue support of SSLv3 for securing connections to S3 buckets. Security research published late last year demonstrated that SSLv3 contained weaknesses that weakened its ability to protect and secure communications. These weaknesses have been addressed in the replacement for SSL, TLS. Since then, major browser software vendors have been disabling support for SSLv3 and their work is largely complete. Consistent with our top priority to protect AWS customers, AWS will only support versions of the more modern Transport Layer Security (TLS) rather than SSLv3.
The following bucket(s) are currently accepting requests from clients that specify SSLv3 to connect to S3 HTTPS endpoints.
Bucket Name : Region
-----------------------------
xyz1 : us-east-1
xyz2 : us-east-1
xyz3 : us-east-1
These requests will fail once AWS disables support for SSLv3 for the Amazon S3 service. To avoid interrupted access, you must update any client software (or inform any clients to update software) making the requests that are using SSLv3 to connect to S3 HTTPS endpoints.
For further reading on SSLv3 security concerns and why it is important to disable support for this nearly 18 year old protocol, we suggest the following articles:
https://www.us-cert.gov/ncas/alerts/TA14-290A
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
http://disablessl3.com/#why
We are happy to discuss with you in detail the necessary changes you must perform to ensure continued secure access to your S3 content.
Thank you for your prompt attention.
Sincerely,
The Amazon Web Services Team
Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message was produced and distributed by Amazon Web Services Inc., 410 Terry Ave. North, Seattle, WA 98109-5210
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment