craftcms / aws-s3

Amazon S3 volume type for Craft CMS.
https://plugins.craftcms.com/aws-s3
MIT License

Update your S3 object access to maintain connectivity #166

Closed jamiematrix closed 1 year ago

jamiematrix commented 1 year ago

Description

As title suggests, we got an email from AWS with the following:

“We are reaching out because there are TLS 1.0 or TLS 1.1 connections to Amazon Simple Storage Service (Amazon S3) objects hosted in your account. As AWS is updating the TLS configuration for all AWS API endpoints to a minimum of version TLS 1.2 [1], you must take action as soon as possible for these connections to maintain their access to your S3 objects.”

Presume it’s something related to the plug-in as the S3 bucket in question is only used as asset storage for 1 Craft site. The site has been on AWS for about a month (maybe a little more) and this is the first communication from AWS.

I’m on mobile at the moment, will update site info later

Additional info

jamiematrix commented 1 year ago

Looking further at the report, it’s starting to read that a customer/user has accessed the site using an old browser with the following agent: [Mozilla/5.0 (Linux; Android 4.4.2; en-au; SAMSUNG GT-I9195 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Mobile

If true then I apologise for the presumption of the plug-in at fault. I guess we’ll need to add a policy to block TLS < 1.2?

angrybrad commented 1 year ago

@jamiematrix correct - The AWS-S3 plugin uses the AWS PHP SDK, which will try to use the highest version of TLS it can depending on the browser that initiated the request and the underlying infrastructure the site is running on.

If your infrastructure supports TLS 1.2, then it’s on the requesting browser end (like an old browser).

You can enforce 1.2 through an AWS policy, which will prevent it from connecting.

https://repost.aws/knowledge-center/s3-enforce-modern-tls
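An added example, not part of the original thread or of the plugin's code: the policy-based enforcement mentioned above is a bucket policy `Deny` statement on the `s3:TlsVersion` condition key. Because writing a bucket policy replaces the whole document, this sketch merges the statement into the existing policy instead of overwriting it; the bucket name, the `Sid` and the sample policy are constructed for illustration.

```python
import copy
import json

SID = "EnforceTLS12OrHigher"  # Sid chosen for this example (assumption)

# Constructed sample: a policy such as an asset bucket might already carry.
EXISTING = {
    "Version": "2012-10-17",
    "Statement": {  # IAM allows a single statement object instead of a list
        "Sid": "PublicReadAssets", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-craft-assets/*",
    },
}

def _statements(policy):
    st = policy.get("Statement", [])
    return st if isinstance(st, list) else [st]

def tls_floor_statement(bucket):
    """Deny every S3 action on the bucket and its objects below TLS 1.2."""
    return {
        "Sid": SID, "Effect": "Deny", "Principal": "*", "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"NumericLessThan": {"s3:TlsVersion": "1.2"}},
    }

def has_tls_floor(policy):
    """True if a blanket Deny already rejects requests with s3:TlsVersion < 1.2."""
    for st in _statements(policy):
        floor = st.get("Condition", {}).get("NumericLessThan", {}).get("s3:TlsVersion")
        if (st.get("Effect") == "Deny" and st.get("Action") in ("s3:*", "*")
                and isinstance(floor, (str, int, float)) and float(floor) >= 1.2):
            return True
    return False

def enforce_tls12(policy, bucket):
    """Return a copy of the policy with the TLS floor added (idempotent)."""
    merged = copy.deepcopy(policy) if policy else {"Version": "2012-10-17"}
    merged["Statement"] = _statements(merged)
    if not has_tls_floor(merged):
        merged["Statement"].append(tls_floor_statement(bucket))
    return merged

if __name__ == "__main__":
    # Review the merged document before applying it to the bucket.
    print(json.dumps(enforce_tls12(EXISTING, "example-craft-assets"), indent=2))
```

With this statement in place, clients limited to TLS 1.0 or 1.1, such as the old Android browser in the report, receive an access-denied response instead of the asset.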