AWS S3 Disabling SSLv3 Support

Viewed 122 times

2

I received an email from AWS that basically says S3 will no longer support SSLv3. They then listed the buckets that are receiving requests over SSLv3, and one of my buckets is in production. The complete e-mail can be seen here:

https://gist.github.com/anonymous/4240c8af5208782c144c

My question is: how can I test this scenario, and what do I need to do to fix this problem?

I use Python 2.7, Django (1.4.20) and Boto (2.27.0).

Is this just a client problem, or something I need to better understand and test/fix?

  • Have you already switched the requests that use SSLv3 over to the S3 HTTPS endpoints protocol, as stated in the email?

  • Where should this change take place? In the Amazon console or in the application?

  • "To avoid interrupted access, you must update any client software (or inform any clients to update software) making the requests that are using SSLv3 to connect to S3 HTTPS endpoints." -> Based on this line, it is specifying that the modification should be made in the application (software).

  • But how do I test whether my application is making the requests via SSLv3 or S3 HTTPS endpoints?

  • So S3 HTTP endpoints is not a protocol; it is a URL that is no longer accessed by SSLv3, for people to test the access of applications.

  • Simple, man: just see which server you're using (Apache, Nginx, etc.) and disable SSLv3 support. Here's a how-to: http://disablessl3.com/

  • By all indications, just exchange the URL you are calling in the application for its most current replacement.


1 answer

0


This is only a problem if you have clients that access S3 and do not support TLS v1.0. Among the old clients that fall into this group are Android 2 and Java 6.

Try running the www.ssllabs.com testing tool on your domain. It makes a complete diagnosis of your SSL/TLS and even lists which clients your site is or is not compatible with.

From what I understand, the email you received is only valid for S3. If you are running a server on an EC2 instance, it does not apply, because it is Django, not Amazon, that implements SSL/TLS.

If you are using multiple EC2 instances with ELB, the SSL/TLS configuration is done on the ELB, but I think it is still configurable to support SSLv3 on the ELB (default is off).

  • The "problem" had already been solved, but your answer is quite pertinent to the question so I will mark it as correct :). In my case, no changes were made on my part, after the change everything continued to work perfectly.
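To check from the client side which protocol an application's runtime actually negotiates with an S3 HTTPS endpoint, a short script like the one below can be run with the same interpreter and OpenSSL build the application uses. This is an added example, not part of the original question or answer; it assumes Python 3 (the question uses Python 2.7), the endpoint name `s3.amazonaws.com` is an assumption to be replaced with the endpoint your bucket uses, and all function names are hypothetical.

```python
import socket
import ssl

# Protocol names as reported by SSLSocket.version() that S3 stops accepting.
LEGACY = {"SSLv2", "SSLv3"}

def sslv3_blocked(ctx):
    """True if this client context will never offer SSLv3."""
    if ctx.options & ssl.OP_NO_SSLv3:
        return True
    floor = getattr(ctx, "minimum_version", None)  # Python 3.7+
    return floor is not None and floor > ssl.TLSVersion.SSLv3

def survives_sslv3_cutoff(version):
    """Classify a negotiated protocol name against the S3 change."""
    if version is None:
        raise ValueError("no TLS session was negotiated")
    return version not in LEGACY

def negotiated_protocol(host, port=443, ctx=None, timeout=10):
    """Handshake with host and return the protocol both sides agreed on."""
    ctx = ctx or ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

def check_endpoint(host, probe=negotiated_protocol):
    """Report local TLS settings and the protocol negotiated with host.

    probe is injectable so the logic can be exercised without a network.
    """
    ctx = ssl.create_default_context()
    version = probe(host, ctx=ctx)
    return {
        "host": host,
        "openssl": ssl.OPENSSL_VERSION,
        "sslv3_blocked_locally": sslv3_blocked(ctx),
        "negotiated": version,
        "ok_after_cutoff": survives_sslv3_cutoff(version),
    }

if __name__ == "__main__":
    # Assumed endpoint; use the one your application connects to.
    for key, value in check_endpoint("s3.amazonaws.com").items():
        print("%-22s %s" % (key, value))
```

If `negotiated` reports `SSLv3`, the client runtime (interpreter or OpenSSL build) is what needs updating, not the bucket configuration.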
