AWS Security Blog

Tag: TLS

Amazon introduces dynamic intermediate certificate authorities

September 30, 2022: The blog has been updated to include the addition of the CN=Starfield Services Root Certificate Authority – G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US root in the Amazon Trust Services root CA certificate chart. AWS Certificate Manager (ACM) is a managed service that lets you provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer […]

How to tune TLS for hybrid post-quantum cryptography with Kyber

August 3, 2022: This post has been updated to include Secrets Manager info. We are excited to offer hybrid post-quantum TLS with Kyber for connecting to AWS Key Management Service (AWS KMS), AWS Secrets Manager, and AWS Certificate Manager (ACM). In this blog post, we share the performance characteristics of our hybrid post-quantum Kyber implementation, […]

TLS 1.2 to become the minimum TLS protocol level for all AWS API endpoints

July 20, 2022: This post was updated with a new reference to the public list of services that populate TLS in CloudTrail. At Amazon Web Services (AWS), we continuously innovate to deliver you a cloud computing environment that works to help meet the requirements of the most security-sensitive organizations. To respond to evolving technology and […]

How to use ACM Private CA for enabling mTLS in AWS App Mesh

Securing east-west traffic in service meshes, such as AWS App Mesh, by using mutual Transport Layer Security (mTLS) adds an additional layer of defense beyond perimeter control. mTLS adds bidirectional peer-to-peer authentication on top of the one-way authentication in normal TLS. This is done by adding a client-side certificate during the TLS handshake, through which […]

Use ACM Private CA for Amazon API Gateway Mutual TLS

October 5, 2021: In the section “Retrieving your ACM Private CA root CA certificate public key,” in step 4, we’ve updated the formatting of the commands to indicate placeholder text. May 14, 2021: In the section “Retrieving your ACM Private CA root CA certificate public key,” in step 1, we updated the command to include […]

How to confirm your automated Amazon EBS snapshots are still created after the TLS 1.2 uplift on AWS FIPS endpoints

We are happy to announce that all AWS Federal Information Processing Standard (FIPS) endpoints have been updated to only accept a minimum of Transport Layer Security (TLS) 1.2 connections. This ensures that our customers who run regulated workloads can meet FedRAMP compliance requirements that mandate a minimum of TLS 1.2 encryption for data in transit. Attempts […]

TLS 1.2 will be required for all AWS FIPS endpoints beginning March 31, 2021

To help you meet your compliance needs, we’re updating all AWS Federal Information Processing Standard (FIPS) endpoints to a minimum of Transport Layer Security (TLS) 1.2. We have already updated over 40 services to require TLS 1.2, removing support for TLS 1.0 and TLS 1.1. Beginning March 31, 2021, if your client application cannot support […]

Over 70 services require TLS 1.2 minimum for AWS FIPS endpoints

March 18, 2021: This post was originally published in February 2021. Since then, the number of services that require a TLS minimum of 1.2 has grown from over 40 to over 70. We’ve updated this post accordingly. In a March 2020 blog post, we told you about work Amazon Web Services (AWS) was undertaking to […]

Round 2 post-quantum TLS is now supported in AWS KMS

AWS Key Management Service (AWS KMS) now supports three new hybrid post-quantum key exchange algorithms for the Transport Layer Security (TLS) 1.2 encryption protocol that’s used when connecting to AWS KMS API endpoints. These new hybrid post-quantum algorithms combine the proven security of a classical key exchange with the potential quantum-safe properties of new post-quantum […]

The importance of encryption and how AWS can help

Encryption is a critical component of a defense-in-depth strategy, which is a security approach with a series of defensive mechanisms designed so that if one security mechanism fails, there’s at least one more still operating. As more organizations look to operate faster and at scale, they need ways to meet critical compliance requirements and improve […]