Action plan for TLS 1.2
In light of the announcement TLS 1.2 to become the minimum TLS protocol level for all AWS API endpoints.
The following products are affected:
|Dalet Product Line||Component|
All Dalet Galaxy versions, including 4.0.352, 4.0.352 SP 01-11 need the update below.
4.0.352 SP 12 and up and 4.0.383 do not need any action.
|awscli from MTA (Media Transcoder Agent)|
For the affected Dalet Galaxy versions listed above, due to the nature of negotiating the TLS version, you may indeed manage without any action taken.
You can check via AWS CloudTrail Lake what TLS protocal has been negotiated: https://aws.amazon.com/blogs/mt/using-aws-cloudtrail-lake-to-identify-older-tls-connections-to-aws-service-endpoints/
In case that the connection is refused and/or if you want to be on the safe side, it is recommended to do the following:
Download the AWS_TLS_update_Amazon.zip file from Dalet FTP:
Do not forget to check the "I am not a robot" box and, if necessary, identify the bridges and bikes or whatever is shown. It may even take several rounds. Otherwise your login attempt will fail.
On all hosts running MTA instances: Stop them.
You can also go host by host, and stop before executing the following:
- Unzip the zip.
- Browse to the Dalet installation BIN folder. Delete the AMAZON folder.
- Copy the AMAZON folder from the unzipped location into the BIN folder.
- Restart MTA instance.
- Repeat on next host.