-
Notifications
You must be signed in to change notification settings - Fork 392
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update S3 object access TLS #628
Comments
We haven't received any similar notices and use TLS 1.2 extensively in production, so I suspect it works fine. I would assume the AWS SDK handles any of this seamlessly provided you're using a relatively recent version of PHP, but I'd suggest conducting your own testing to evaluate it. |
@Airhune I got a notification today stating the same thing. Did you resolve your issue? My S3 access from this library was flagged as TLS1.0. They suggest this as a configuration change:
My bucket policy is blank, but since @rmccue says they're using TLS 1.2 in production, I need to figure out why my requests seem to be using TLS 1.0. How did you force PHP to use TLS 1.2? EDIT: Just ran the following script and it says all my servers are using TLS 1.3, so not sure why Amazon is detecting 1.0. My current assumption is small number of users are browsing these websites with a TLS 1.0 encryption. I have enabled logging to confirm.
|
Thanks for the ping here, we actually did get a ping today, but only for our us-east-1 region and not any others. I'm wondering if it might be related to old-style bucket URLs. Going to have our engineers check this in any case. |
Noting that the affected resource notes a user agent of:
Which is definitely not our internal systems; could be from a lingering direct reference. @Airhune @nbyloff Are you seeing similar for your user agents? (The agent for the AWS SDK should be |
@rmccue I enabled logging on my S3 bucket and the first handful I looked at show valid requests using TLSv1.2 and one TLSv1.3. So far since the errors for me were on GET requests, I am leaning towards the errors are triggered when a client browses a page, loading images with a client using TLSv1.0 |
@rmccue In aws healt dashboard it appears that I have the following resource affected by tls 1.0 connections: I have been investigating when the BPImageWalker function is called but I do not know its origin and since it is a bucket that we use specifically for wordpress uploads, I understand that it comes from the plugin itself |
I recently received that I should update the current TLS 1.0 connection to TLS 1.2 in the amazon bucket that I use for uploading images, is there any compatibility problem with the plugin or should I make any configuration changes?
The text was updated successfully, but these errors were encountered: