Created
April 15, 2015 16:56
-
-
Save anonymous/4240c8af5208782c144c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Dear AWS Customer, | |
| Your security is important to us. This message explains some security improvements in our services. Please review the entire message carefully to determine whether your use of the services will be affected, and if so what you need to do. | |
| As of 12:00 AM PDT April 30, 2015, AWS will discontinue support of SSLv3 for securing connections to S3 buckets. Security research published late last year demonstrated that SSLv3 contained weaknesses that weakened its ability to protect and secure communications. These weaknesses have been addressed in the replacement for SSL, TLS. Since then, major browser software vendors have been disabling support for SSLv3 and their work is largely complete. Consistent with our top priority to protect AWS customers, AWS will only support versions of the more modern Transport Layer Security (TLS) rather than SSLv3. | |
| The following bucket(s) are currently accepting requests from clients that specify SSLv3 to connect to S3 HTTPS endpoints. | |
| Bucket Name : Region | |
| ----------------------------- | |
| xyz1 : us-east-1 | |
| xyz2 : us-east-1 | |
| xyz3 : us-east-1 | |
| These requests will fail once AWS disables support for SSLv3 for the Amazon S3 service. To avoid interrupted access, you must update any client software (or inform any clients to update software) making the requests that are using SSLv3 to connect to S3 HTTPS endpoints. | |
| For further reading on SSLv3 security concerns and why it is important to disable support for this nearly 18 year old protocol, we suggest the following articles: | |
| https://www.us-cert.gov/ncas/alerts/TA14-290A | |
| https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ | |
| http://disablessl3.com/#why | |
| We are happy to discuss with you in detail the necessary changes you must perform to ensure continued secure access to your S3 content. | |
| Thank you for your prompt attention. | |
| Sincerely, | |
| The Amazon Web Services Team | |
| Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message was produced and distributed by Amazon Web Services Inc., 410 Terry Ave. North, Seattle, WA 98109-5210 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment