Assets and Amazon Web Services TLS 1.2+ Requirement

June 16, 2023

As of 06/28/2023, Amazon Web Services (AWS) will require Transport Layer Security (TLS) software clients to use TLS v.1.2+. See the AWS Security Blog post here. Assets v4.2.2+ specifies that the the default TLS version used meet this standard.

However, the TLS version is largely determined by the sever. In the case of Assets, connections to AWS use cURL with OpenSSL. If you are using OpenSSL 1.0.1, TLS 1.2 should typically be supported.

Amazon has been emailing clients whose accounts indicate non-compliant traffic, so it's likely the account holder has been notified if there are concerns. To be certain, as per the AWS blog post, you can setup server access logging. If you do see TLS <1.2 access, make certain you are on the latest version of Assets and contact your host.