AWS S3 Disabling support for SSLv3

2

I received an email from AWS that says basically that S3 will no longer support SSLv3. So they listed the list of buckets that are receiving requests in SSLv3 and one of my buckets is production. The full email can be viewed here:

link

My question is: how can I test this scenario and what do I need to do to fix this?

I use Python 2.7, Django (1.4.20) and Boto (2.27.0)

Is this just a client problem or something that I need to better understand and test / correct?

    
asked by anonymous 24.04.2015 / 21:38

1 answer

0

This is only a problem if you have clients accessing S3 and do not support TLS v1.0. Among older customers falling into this group are Android 2 and Java 6.

Try running the www.SSLabs.com testing tool on your domain, it makes a complete diagnosis of your SSL / TLS and even list which clients your site is compatible with.

From what I understand the email you received is only valid for S3. If you are running a server on EC2 instance, it does not apply because it implements SSL / TLS is Django, not Amazon.

If you are using multiple EC2 instances with ELB, the SSL / TLS configuration is done in ELB, but I think it is still configurable to support SSLv3 in ELB.

    
13.08.2015 / 05:15