TLS 1.0 or 1.1 connection - Need to upgrade to TLS 1.2

[mateostabio]

We just received an email from AWS saying "there are TLS 1.0 or TLS 1.1 connections to Amazon S3 objects hosted in your account. As AWS is updating the TLS config for all AWS API endpoints to a minimum of TLS 1.2, you must take action as soon as possible for these connections to maintain their access to your S3 object."

I wanted to know if this is a setting in the AWS-S3 plugin or a FortRabbit server setting, or perhaps just Craft CMS config setting?

• Craft version: Craft CMS 3.8.4
• PHP version: 8.0.28
• Database driver & version: MySQL 8.0.31
• Plugins & versions: Amazon S3 1.3.2

Thanks

[angrybrad]

The AWS PHP S3 client that this plugin uses, should already be using TLS 1.2 by default.

If there are other things connecting to that s3 bucket, then they might be using older TLS 1.0/1.1 versions.

I'm not sure what Fortrabbit's TLS policies are across their stack or if this is a bucket you're providing or they're providing for you, but definitely worth asking them about.

Note that you can force the bucket to only accept TLS 1.2 through bucket policies ahead of time, if you want to get an idea of how it will impact you before AWS implements it: https://repost.aws/knowledge-center/s3-enforce-modern-tls

Some extra reading for you: https://aws.amazon.com/blogs/security/tls-1-2-required-for-aws-endpoints/