Replies: 2 comments
-
We don't have documentation with a list of the TLS versions supported by each AWS service endpoint. One way to test it is to use third-party tools that will test and generate reports on the endpoint provided, like Qualys SSL Labs and testssl.sh. Please note these are just suggestions; these tools are not maintained by AWS. The AWS Security blog post has more information on how to identify if you are using TLS 1.0 or TLS 1.1.
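A minimal form of the endpoint check that the reply above suggests running with testssl.sh or SSL Labs, as an added example that is not part of the thread and not AWS code: it sends a raw ClientHello capped at each legacy version and reports whether the server answers with a ServerHello or an alert. The function names are assumptions made for this sketch.

```python
import os
import socket
import struct

VERSIONS = {"TLS 1.0": 0x0301, "TLS 1.1": 0x0302, "TLS 1.2": 0x0303}  # wire values
NAMES = {wire: label for label, wire in VERSIONS.items()}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}

def _ext(ext_type, body):  # illustrative helper: one TLS extension
    return struct.pack("!HH", ext_type, len(body)) + body

def client_hello(host, version):
    """Build a minimal ClientHello whose highest offered version is `version`."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = (_ext(0x0000, sni)                                      # server_name
            + _ext(0x000A, struct.pack("!3H", 4, 0x0017, 0x0018))  # P-256, P-384
            + _ext(0x000B, b"\x01\x00")                            # uncompressed points
            + _ext(0x000D, struct.pack("!5H", 8, 0x0401, 0x0403, 0x0201, 0x0203)))
    # Common ECDHE and RSA suites, so that a refusal is about the version offered.
    suites = struct.pack("!6H", 0xC02F, 0xC02B, 0xC013, 0xC009, 0x002F, 0x0035)
    body = (struct.pack("!H", version) + os.urandom(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0301, len(handshake)) + handshake

def classify(reply):
    """Interpret the first TLS record of the server's reply."""
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:  # ServerHello
        wire = int.from_bytes(reply[9:11], "big")
        return "accepted, negotiated " + NAMES.get(wire, hex(wire))
    if len(reply) >= 7 and reply[0] == 0x15:                        # alert record
        return "rejected, alert " + ALERTS.get(reply[6], str(reply[6]))
    return "no TLS reply"

def probe(host, port=443, timeout=5.0):  # one fresh connection per version
    results = {}
    for label, version in VERSIONS.items():
        reply, error = b"", "closed without reply"
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                sock.sendall(client_hello(host, version))
                # An alert is only 7 bytes; the read then ends on close or timeout.
                while len(reply) < 11 and (chunk := sock.recv(4096)):
                    reply += chunk
        except OSError as exc:
            error = "connection error: " + type(exc).__name__
        results[label] = classify(reply) if reply else error
    return results
```

Call `probe()` with the hostname of the endpoint to check. Raw records are used because a current local OpenSSL build may itself refuse to offer TLS 1.0 or 1.1, which would hide what the server does.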
-
Thank you for your response. I really wish you would, and urge you to, provide such endpoints to help customers with this transition. You are making a major change to your API infrastructure that will have an effect on all usage of your APIs. While this will only have a noticeable effect on a small number of customers (those using outdated software), this transition is very difficult for many of them. This includes us. For example, we have requirements that we need to support outgoing TLS 1.0 and 1.1 connections in the same software that needs to make API calls to your endpoint, and thus that part needs to transition to TLS 1.2 only. This makes it very difficult for us to validate the changes without testing endpoints. What I'm suggesting is that you run parallel endpoints to your APIs that use a different hostname (that would be configured manually in client software), where that version of the API uses the protocol settings you will switch to in June. This would allow customers to do a controlled transition test, with the possibility of rolling back to the main API endpoints in case things don't work out.
-
Hi,
AWS has informed us that in June 2023, TLS 1.0 and 1.1 will be deprecated in the API endpoints. In some cases, support for TLS 1.2 needs to be added into Java software running older JVMs and older versions of the Java SDK (for example, by using Bouncy Castle). To make sure this software will continue to work after the change, I would like to test the software against endpoints that are already configured to only use TLS 1.2 (or higher). Are there such endpoints for AWS APIs available?
Thanks,
Sampo