Tag: TLS

September 13, 2023: Over 65% of AWS service API endpoints now support TLS version 1.3. We are continuing work to enable TLS version 1.3 on AWS service API endpoints globally. At Amazon Web Services (AWS), we strive to continuously improve customer experience by delivering a cloud computing environment that supports the most modern security technologies. […]

Customers who require private keys for their TLS certificates to be stored in FIPS 140-2 Level 3 certified hardware security modules (HSMs) can use AWS CloudHSM to store their keys for websites hosted in the cloud. In this blog post, we will show you how to automate the deployment of a web application using NGINX […]

April 11, 2023: This post had been updated to provide clarifications: The recommendation to use SES or WorkMail as part of this solution is for receiving TLS reports sent via email from mail receiving organizations. It is unrelated to the BIMI and MTA-STS aspects or any core functionality of the solution.. If you own a […]

AWS Certificate Manager (ACM) is a managed service that enables you to provision, manage, and deploy public and private SSL/TLS certificates that you can use to securely encrypt network traffic. You can now use ACM to request Elliptic Curve Digital Signature Algorithm (ECDSA) certificates and associate the certificates with AWS services like Application Load Balancer (ALB) […]

February 27, 2023: We’ve updated question and answer #3 on this blog post. October 7, 2022: This blog post has been updated to include a Frequently Asked Questions section at the end. September 30, 2022: This blog post has been updated to include the addition of the CN=Starfield Services Root Certificate Authority – G2,O=Starfield Technologies\, […]

January 25, 2023: AWS KMS, ACM, Secrets Manager TLS endpoints have been updated to only support NIST’s Round 3 picked KEM, Kyber. s2n-tls and s2n-quic have also been updated to only support Kyber. BIKE or other KEMs may still be added as the standardization proceeds. August 3, 2022: This post has been updated to include […]

September 28, 2023: AWS GovCloud (US) is complete, which means that AWS now enforces use of TLS 1.2+ across all AWS GovCloud (US) public API endpoints. June 1, 2023: This blog post has been updated to add a timeline to clarify the key dates. To avoid a disruption to your AWS workloads, you must update […]

Securing east-west traffic in service meshes, such as AWS App Mesh, by using mutual Transport Layer Security (mTLS) adds an additional layer of defense beyond perimeter control. mTLS adds bidirectional peer-to-peer authentication on top of the one-way authentication in normal TLS. This is done by adding a client-side certificate during the TLS handshake, through which […]

October 5, 2021: In the section “Retrieving your ACM Private CA root CA certificate public key,” in step 4, we’ve updated the formatting of the commands to indicate placeholder text. May 14, 2021: In the section “Retrieving your ACM Private CA root CA certificate public key,” in step 1, we updated the command to include […]

We are happy to announce that all AWS Federal Information Processing Standard (FIPS) endpoints have been updated to only accept a minimum of Transport Layer Security (TLS) 1.2 connections. This ensures that our customers who run regulated workloads can meet FedRAMP compliance requirements that mandate a minimum of TLS 1.2 encryption for data in transit. Attempts […]