December 3, 2009 — AWS has completed a set of updates to its web sites, applications and service APIs to mitigate risks from the SSL and TLS renegotiation vulnerabilities previously reported. There is no impact to customers and no action is required. Customers may optionally consider updating their own systems with any applicable patches to ensure they mitigate against all possible risks from these SSL and TLS vulnerabilities.
November 7, 2009 — Security researchers have recently reported man-in-the-middle (MITM) vulnerabilities involving all versions of Transport Layer Security (TLS) and Secure Sockets Layer (SSL), applying to any application utilizing these protocols. AWS is currently investigating any impact this may have for AWS services and will provide updates via this security bulletin.