Fieldtype

Archived
Forum
(read-only)

Simple S3 Uploader

ExpressionEngine 1.x, ExpressionEngine 2

Back to this add-on's main page
View Other Add-ons From eMarketSouth

Simple S3 Uploader  >  Thread
     

AWS will discontinue support of SSLv3

General

Abu Musa
Posted: 07 May 2015 09:36 AM
Abu Musa

Hi,
We’ve received the following email from amazon. Will that affect on S3 image uploader?

Dear AWS Customer,

This message explains some security improvements in our servicesYour security is important to usPlease review the entire message carefully to determine whether your use of the services will be affected, and if so what you need to do.

As of 12:00 AM PDT May 202015AWS will discontinue support of SSLv3 for securing connections to S3 bucketsSecurity research published late last year demonstrated that SSLv3 contained weaknesses in its ability to protect and secure communicationsThese weaknesses have been addressed in Transport Layer Security (TLS), which is the replacement for SSLConsistent with our top priority to protect AWS customersAWS will only support versions of the more modern TLS rather than SSLv3.

You are receiving this email because some of your users are accessing Amazon S3 using a browser configured to use SSLv3, or some of your existing applications that use Amazon S3 are configured to use SSLv3These requests will fail once AWS disables support for SSLv3 for the Amazon S3 service.

The following bucket(sare currently accepting requests from clients (e.gmobile devicesbrowsers, and applicationsthat specify SSLv3 to connect to Amazon S3 HTTPS endpoints.

editorialist us-east-1

For your applications to continue running on Amazon S3your end users need to access S3 from clients configured to use TLS. As any necessary changes would need to be made in your applicationwe recommend that you review your applications that are accessing the specified S3 buckets to determine what changes may be required. If you need assistance (e.gto help identify clients connecting to S3 using SSLv3), please contact our AWS Technical Support or AWS Customer Service.

For further reading on SSLv3 security concerns and why it is important to disable support for this nearly 18 year old protocolwe suggest the following articles:

https://www.us-cert.gov/ncas/alerts/TA14-290A
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
http://disablessl3.com/#why

Thank you for your prompt attention.

Sincerely,
The Amazon Web Services Team 

Thanks,
Musa
 
eMarketSouth
Posted: 15 May 2015 08:24 PM # 1
Developer
eMarketSouth

Hello Musa,

There doesn’t appear to be an option for selecting tls or ssl connections in the S3 Uploader code, that should be controlled through your server’s curl library. You may need to check with your server administrator to make sure your server’s php and curl library settings are configured correctly.
 
 
← S3::listBuckets(): [AccessDenied] Access Denied Updated S3 class due to failed uploads →