In July 2023, AWS started sending out warnings to anyone using their Simple Email Service (SES) who had been identified as having TLS 1.0 or TLS 1.1 connections. These warnings flagged that the accounts must be updated to TLS1.2 or higher in order to maintain AWS connectivity.
On September 15, 2023, AWS will begin deploying updates to their TLS configuration to a minimum of version TLS 1.2, with the rollout scheduled to be completed by December 31, 2023. This means that if you don’t update your SES service to use a minimum of TLS1.2, then between September 15 and December 31, your service will eventually cease working as intended.
What is TLS 1.2?
To many, TLS 1.2 is just more technical jargon that means little. As a quick explanation, TLS stands for Transport Layer Security and is a cryptographic protocol that ensures secure communication between two systems, typically a client (such as a web browser) and a server (such as a website). TLS protocol versions, denoted as TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, etc., represent the evolution of security measures to counteract vulnerabilities and exploits.
TLS 1.2 was released in 2008 and brought about significant improvements over its predecessors. It introduced stronger cryptographic algorithms and more robust security mechanisms, providing enhanced protection against various cyber threats. TLS1.2 is now the standard for website SSL Certificates, and it is also becoming the standard for SMTP (email sending) services, with AWS being one of the last commercial mail sending services to enforce the move to TLS1.2.
The Importance of Upgrading from TLS 1.0 or 1.1 to TLS 1.2 if you are using AWS SES
There are a few reasons why you should upgrade to TLS1.2.
A key reason is to reduce security vulnerabilities. TLS 1.0 and 1.1 have known vulnerabilities that could potentially be exploited by attackers. These vulnerabilities could lead to data breaches, unauthorised access, and other security breaches.
However in regards to your systems that are using AWS SES, the primary reason to upgrade to TLS 1.2 is to avoid account disruption and ensure that your website, application, system, printer, IoT (Internet of Things) or embedded device is able to continue sending out emails which may exist in the form of order confirmations, payment receipts, automated reports, system warnings, account notifications, password resets, and many more.
Failure to make this upgrade, or take other alleviating actions, could result in major disruptions to your business services that are reliant on email sending.
Making the Transition
Upgrading from TLS 1.0 or 1.1 to TLS 1.2 can be quite daunting, and requires careful planning and implementation. Organisations, in partnership with a trusted developer, should assess their current systems, applications, and infrastructure to ensure compatibility with the new protocol.
However, in some cases, upgrading your website, application, system, printer, IoT or embedded device to meet the TLS1.2 requirements can require significant work or potentially not be possible to do at all.
But do not fret as Code Brewery is here to help! We have been working hard to develop and thoroughly test our own middleware service as a solution for this issue that many organisations will now face.
Our middleware service can be applied in a range of ways, so please reach out to Anthony as soon as possible to arrange a time to discuss this in more detail, either via anthony@codebrewery.com or on 0433 677 783.
Code Brewery – delivering software solutions that work.