I have a basic Amazon S3 SDK code snippet which is used to retrieve a list of buckets. The server is configured to only accept TLSv1.2. I am not able to configure my client to send a TLSv1.2 request; debugging shows that the client is always sending TLSv1. I have tried setting the system property, but that does not work either.
-Dhttps.protocols=TLSv1.2
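import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.S3ClientOptions;
import com.amazonaws.services.s3.model.Bucket;

// Client with static credentials
BasicAWSCredentials credentials = new BasicAWSCredentials(username, password);
AmazonS3 s3 = new AmazonS3Client(credentials);
// Custom endpoint; this server only accepts TLSv1.2
final String serviceurl = "https://ip:port";
s3.setEndpoint(serviceurl);
S3ClientOptions s3ClientOptions = new S3ClientOptions();
s3ClientOptions.setPathStyleAccess(false);
s3.setS3ClientOptions(s3ClientOptions);
// The first request (and TLS handshake) happens here
for (Bucket bucket : s3.listBuckets()) {
    System.out.println("Bucket name::" + bucket.getName());
}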
What am I missing here? How can I configure the code to always send a TLSv1.2 request? I am using AWS SDK 1.7.25. Thanks for your help.
getSocketFactory(); SSLSocket socket = (SSLSocket)factory.createSocket(); protocols = socket.getEnabledProtocols(); After running this program within the app the TLS 1.2 gets enabled.
js 12.0.0 and later use a minimum version of OpenSSL 1.1.1b, which supports TLS 1.3. The AWS SDK for JavaScript v3 defaults to use TLS 1.3 when available, but defaults to a lower version if required.
While TLS 1.2 can still be used, it is considered safe only when weak ciphers and algorithms are removed. On the other hand, TLS 1.3 is new; it supports modern encryption, comes with no known vulnerabilities, and also improves performance.
Version 1.9.4 of the AWS Java SDK made TLSv1.2 the default.
However, it didn't exist in an enum until version 1.9.14 (code here). I'd suggest using that version as a minimum.
I believe it's possible to inject this information, but it's a lot of work. I'm probably missing a little bit here:
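import javax.net.ssl.SSLContext;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import com.amazonaws.ApacheHttpClientConfig;
import com.amazonaws.ClientConfiguration;

// Build a TLSv1.2 context; init(null, null, null) uses the JVM's default key and trust managers
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
ctx.init(null, null, null);
// Wrap the context in Apache HttpClient's socket factory
// (engineGetSocketFactory() is a protected SPI method and cannot be called here)
SSLSocketFactory socketFactory = new SSLSocketFactory(ctx);
ClientConfiguration client = new ClientConfiguration();
ApacheHttpClientConfig apacheClient = client.getApacheHttpClientConfig();
// Factory currently configured on the client (read only, not used further)
ConnectionSocketFactory socketContext = apacheClient.getSslSocketFactory();
apacheClient.setSslSocketFactory(socketFactory);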
Sources for the injections: