September 22, 2023

AWS recently announced that TLS 1.2 is going to become the minimum protocol level for API endpoints. The cloud provider will remove backward compatibility and support for versions 1.0 and 1.1 on all APIs and regions by June 2023.


According to AWS, 95% of AWS customers are already using more recent cryptographic protocols, and the most common source of TLS 1.0 or 1.1 traffic today is .NET Framework versions earlier than 4.6.2.

Using the recently added tlsDetails field, AWS CloudTrail logs can be monitored to identify whether outdated TLS versions are still in use. AWS recommends parsing the records with CloudTrail Lake, CloudWatch Logs Insights or Athena.

CloudWatch Logs Insights has two new sample queries that can be used to find log entries where TLS 1.0 or 1.1 was used and to count the calls per service that used outdated TLS versions.
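The same two checks can be run offline over downloaded CloudTrail log files. The following is an added example, not code from AWS or from the article: it reads a CloudTrail file body, keeps only events whose tlsDetails.tlsVersion is TLS 1.0 or 1.1, and counts them per service and per calling principal. The log records are constructed sample data; the tlsDetails, eventSource and userIdentity fields are real CloudTrail field names.

```python
import json
from collections import Counter

# Constructed sample CloudTrail events (not real log data); only the fields
# the check needs are included. tlsDetails is the field AWS added for this.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/legacy-app"},
     "tlsDetails": {"tlsVersion": "TLSv1", "cipherSuite": "ECDHE-RSA-AES128-SHA"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/batch-role/i-0abc"},
     "tlsDetails": {"tlsVersion": "TLSv1.1", "cipherSuite": "ECDHE-RSA-AES256-SHA"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/legacy-app"},
     "tlsDetails": {"tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256"}},
    {"eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci"},
     "tlsDetails": {"tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256"}},
    # Some events carry no tlsDetails at all; those are skipped, not flagged.
    {"eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/legacy-app"},
     "tlsDetails": {"tlsVersion": "TLSv1", "cipherSuite": "ECDHE-RSA-AES128-SHA"}},
]})

OUTDATED_TLS = {"TLSv1", "TLSv1.1"}  # CloudTrail's values for TLS 1.0 and 1.1

def load_records(log_text):
    """Parse a CloudTrail log file body ({"Records": [...]}) into a list of events."""
    return json.loads(log_text)["Records"]

def outdated_tls_events(records):
    """Events negotiated with TLS 1.0/1.1; events lacking tlsDetails are skipped."""
    return [r for r in records
            if r.get("tlsDetails", {}).get("tlsVersion") in OUTDATED_TLS]

def outdated_calls_per_service(records):
    """Count outdated-TLS calls by eventSource (the 'calls per service' check)."""
    return Counter(r["eventSource"] for r in outdated_tls_events(records))

def outdated_calls_per_principal(records):
    """Count by caller ARN so the owning team can be found and its client updated."""
    return Counter(r.get("userIdentity", {}).get("arn", "<unknown>")
                   for r in outdated_tls_events(records))

if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    for svc, n in outdated_calls_per_service(recs).most_common():
        print(f"{svc}: {n} outdated-TLS calls")
    for arn, n in outdated_calls_per_principal(recs).most_common():
        print(f"{arn}: {n} outdated-TLS calls")
```

On real data, point load_records at each gunzipped CloudTrail object from the trail's S3 bucket; the per-principal view is what tells you which client to upgrade.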

AWS CLI version 2 already enforces TLS 1.2, the version that is also required for all AWS FIPS endpoints. AWS warns that while most customers still using TLS 1.0 or 1.1 will be notified, not every scenario can be detected by the cloud provider.


To minimize the availability impact of requiring TLS 1.2, AWS is rolling out the changes on an endpoint-by-endpoint basis over the coming months. After June 28, 2023, AWS will update the endpoint configuration even if customers still have connections using older versions.
