AWS Security Blog

Tag: TLS

Over 40 services require TLS 1.2 minimum for AWS FIPS endpoints

In a March 2020 blog post, we told you about work Amazon Web Services (AWS) was undertaking to update all of our AWS Federal Information Processing Standard (FIPS) endpoints to a minimum of Transport Layer Security (TLS) 1.2 across all AWS Regions. Today, we’re happy to announce that over 40 services have been updated and […]

Read More

Round 2 post-quantum TLS is now supported in AWS KMS

AWS Key Management Service (AWS KMS) now supports three new hybrid post-quantum key exchange algorithms for the Transport Layer Security (TLS) 1.2 encryption protocol that’s used when connecting to AWS KMS API endpoints. These new hybrid post-quantum algorithms combine the proven security of a classical key exchange with the potential quantum-safe properties of new post-quantum […]

Read More

The importance of encryption and how AWS can help

Encryption is a critical component of a defense-in-depth strategy, which is a security approach with a series of defensive mechanisms designed so that if one security mechanism fails, there’s at least one more still operating. As more organizations look to operate faster and at scale, they need ways to meet critical compliance requirements and improve […]

Read More

Round 2 Hybrid Post-Quantum TLS Benchmarks

AWS Cryptography has completed benchmarks of Round 2 Versions of the Bit Flipping Key Encapsulation (BIKE) and Supersingular Isogeny Key Encapsulation (SIKE) hybrid post-quantum Transport Layer Security (TLS) Algorithms. Both of these algorithms have been submitted to the National Institute of Standards and Technology (NIST) as part of NIST’s Post-Quantum Cryptography standardization process. In the […]

Read More

TLS 1.2 to become the minimum for all AWS FIPS endpoints

June 12, 2020: We’ve updated this blog post to include a link to the list of AWS services that require a minimum of TLS 1.2 for FIPS Endpoints.  To improve security for data in transit, AWS will update all of our AWS Federal Information Processing Standard (FIPS) endpoints to a minimum Transport Layer Security (TLS) […]

Read More

How to improve LDAP security in AWS Directory Service with client-side LDAPS

You can now better protect your organization’s identity data by encrypting Lightweight Directory Access Protocol (LDAP) communications between AWS Directory Service products (AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, and AD Connector) and self-managed Active Directory. Client-side secure LDAP (LDAPS) support enables applications that integrate with AWS Directory […]

Read More
s2n logo

Post-quantum TLS now supported in AWS KMS

November 11, 2019: Based on customer feedback, we’ve corrected the name of one of our sources. AWS Key Management Service (AWS KMS) now supports post-quantum hybrid key exchange for the Transport Layer Security (TLS) network encryption protocol that is used when connecting to KMS API endpoints. In this post, I’ll tell you what post-quantum TLS […]

Read More

How to Prepare for AWS’s Move to Its Own Certificate Authority

  July 11, 2019 update: The service team has resolved an error that caused customers to see a “Certificate Transparency Required” message when loading test links in Chrome. March 28, 2018 update: We updated the Amazon Trust Services table by replacing an out-of-date value with a new value. Transport Layer Security (TLS, formerly called Secure […]

Read More

How to Enable Server-Side LDAPS for Your AWS Microsoft AD Directory

August 5, 2020: We’ve made numerous updates to this post to better reflect best practices around Microsoft Certificate Authority deployments. November 26, 2019: We’ve updated the language in this post to reflect new client-side LDAPS support in AWS Managed Microsoft AD. Starting today, you can encrypt the Lightweight Directory Access Protocol (LDAP) communications between your […]

Read More

How to Control TLS Ciphers in Your AWS Elastic Beanstalk Application by Using AWS CloudFormation

Securing data in transit is critical to the integrity of transactions on the Internet. Whether you log in to an account with your user name and password or give your credit card details to a retailer, you want your data protected as it travels across the Internet from place to place. One of the protocols […]

Read More