- This topic has 4 replies, 3 voices, and was last updated 10 years, 1 month ago by
.
-
Posts
-
How i the use of the as3tps protocol for AWS downloads impacted by this announcement by Amazon? How shoudlwe responds?
As of 12:00 AM PDT April 30, 2015, AWS will discontinue support of SSLv3 for securing connections to S3 buckets. Security research published late last year demonstrated that SSLv3 contained weaknesses that weakened its ability to protect and secure communications. These weaknesses have been addressed in the replacement for SSL, TLS. Since then, major browser software vendors have been disabling support for SSLv3 and their work is largely complete. Consistent with our top priority to protect AWS customers, AWS will only support versions of the more modern Transport Layer Security (TLS) rather than SSLv3.
The AS3TP/AS3TPS URI is unaffected; because it eventually resolves to an HTTP/HTTPS URI, which is processed by the user’s browser.
You have nothing to worry about from the plugin side of things.
I have been worrying about the same thing. Amazon’s email is head “Action Required”, and says:
For your applications to continue running on Amazon S3, your end users need to access S3 from clients configured to use TLS. As any necessary changes would need to be made in your application, we recommend that you review your applications that are accessing the specified S3 buckets to determine what changes may be required.
Can I confirm that your answer above would apply to me as well and I don’t need to take any action?
Many thanks
I’ve researched more and spoken to my hosting company and we believe that the removal of the ssl certificate will resolve the problem.
Sorry to have raised what is probably a premature issue.
- You must be logged in to reply to this topic.