TLS 1.2

  • Resolved Susan Metoxen

    (@smetoxen)


    1 year, 11 months ago

    Amazon S3 is going to start enforcing a minimum of TLS 1.2. Our website host uses TLS 2. However, Amazon S3 has sent us two examples of recent requests using TLS 1.1.

    Does the TLS version come exclusively from the website hosting, or are there settings in the plugin that affect the TLS version used?

    Thanks!

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Delicious Brains

    (@deliciousbrains)

    WP Offload Media uses the Amazon S3 API via HTTPS, using the server’s PHP libraries to do so. In particular cURL with OpenSSL is usually what is used to make those API calls.

    As long as your server is using OpenSSL version 1.0.1 or later, released in March 2012, TLS 1.2 is supported.

    You can check what version of OpenSSL WP Offload Media will likely use by looking at the Diagnostic Info in its Support tab.

    For the vast majority of sites, it is very unlikely that it is WP Offload Media’s Amazon S3 API usage that is causing this notice from Amazon S3 regarding enforcing a minimum of TLS 1.2.

    The most likely cause of these notices is using raw bucket URLs for delivery.

    If you are not using a CDN such as CloudFront or Cloudflare for delivering your media, then if a very old browser that does not support TLS 1.2, or a search engine crawler bot or any other kind of bot access the site, their access of those bucket URLs are considered as S3 API requests using a soon to be unsupported version of TLS.

    The best way to fix this is by using a CDN such as CloudFront or Cloudflare for delivery.

    -IJ

    Thread Starter Susan Metoxen

    (@smetoxen)

    That was extremely helpful. We seem to be ok because we are on OpenSSL 3.0.8. Thank you so much.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘TLS 1.2’ is closed to new replies.