AWS TLS 1.2 Minimum for all AWS API endpoints: Dalet Action Plan
Action plan for TLS 1.2
In light of the announcement TLS 1.2 to become the minimum TLS protocol level for all AWS API endpoints.
The following products are affected:
| Dalet Product Line | Component |
|
All Dalet Galaxy versions, including 4.0.352, 4.0.352 SP 01-11 need the update below. 4.0.352 SP 12 and up and 4.0.383 do not need any action. |
awscli from MTA (Media Transcoder Agent) |
| Flex | not relevant |
| Amberfin | not relevant |
| Pyramid | not relevant |
| Brio | not relevant |
| CubeNG | not relevant |
Solution
For the affected Dalet Galaxy versions listed above, due to the nature of negotiating the TLS version, you may indeed manage without any action taken.
You can check via AWS CloudTrail Lake what TLS protocal has been negotiated: https://aws.amazon.com/blogs/mt/using-aws-cloudtrail-lake-to-identify-older-tls-connections-to-aws-service-endpoints/
In case that the connection is refused and/or if you want to be on the safe side, it is recommended to do the following:
Download the AWS_TLS_update_Amazon.zip file:
https://github.com/aws/aws-cli/archive/refs/tags/2.8.9.zip
Do not forget to check the "I am not a robot" box and, if necessary, identify the bridges and bikes or whatever is shown. It may even take several rounds. Otherwise your login attempt will fail.
- On all hosts running MTA instances: Stop them. You can also go host by host, and stop before executing the following:
- "Backup the folder C:\Program Files\Dalet\DaletPlus\bin\Amazon\AWSCLI, then replace it with the AWSCLI folder extracted from awscli-2.8.9.zip"
- Restart MTA instance.
- Repeat on next host.
Comments
0 comments
Please sign in to leave a comment.