[AdvancedAmazonS3] Changes coming from Amazon S3

[AdvancedAmazonS3] Changes coming from Amazon S3

  
Forge Component
(24)
Published on 2013-08-08 by Ricardo Pereira
24 votes
Published on 2013-08-08 by Ricardo Pereira
I recieved this message from Amazon today:  Is the Advanced AmazonS3 connector affected by this?

Dear AWS Customer,
 
Your security is important to us. This message explains some security improvements in our services. Please review the entire message carefully to determine whether your use of the services will be affected, and if so what you need to do.
 
As of 12:00 AM PDT April 30, 2015, AWS will discontinue support of SSLv3 for securing connections to S3 buckets. Security research published late last year demonstrated that SSLv3 contained weaknesses that weakened its ability to protect and secure communications.  These weaknesses have been addressed in the replacement for SSL, TLS. Since then, major browser software vendors have been disabling support for SSLv3 and their work is largely complete. Consistent with our top priority to protect AWS customers, AWS will only support versions of the more modern Transport Layer Security (TLS) rather than SSLv3.
 
These requests will fail once AWS disables support for SSLv3 for the Amazon S3 service. To avoid interrupted access, you must update any client software (or inform any clients to update software) making the requests that are using SSLv3 to connect to S3 HTTPS endpoints.
 
For further reading on SSLv3 security concerns and why it is important to disable support for this nearly 18 year old protocol, we suggest the following articles:
https://www.us-cert.gov/ncas/alerts/TA14-290A
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
http://disablessl3.com/#why
 
We are happy to discuss with you in detail the necessary changes you must perform to ensure continued secure access to your S3 content.
 
Thank you for your prompt attention.
 
Sincerely,
The Amazon Web Services Team
Hello Allen,

What this means is that clients connecting to Amazon S3 will need to support at least TLS v1.0 in order to be able to connect.

This would only affect legacy operating systems like Windows XP, and maybe (not likely) Windows 2003.

My guess is that you're most likely safe from any impact this may have.

Best regards,
Ricardo Silva
Thank you for the reply

Best
Allen

Hi Ricardo. I am having problems uploading files since we turned on ssl on the web screen where we do the file upload using amazon S3. I get an "access denied" message. Previously when it did work , the server was configured for ssl but the web flows did not have https security set to SSL.


Does this extension support TLS or is it only the outsystems server and the browser that have to support TLS?

Do you have any thoughts as to what might be causing the access denied message?

The access denied message came from the amazon account lacking the proper rights. After fixing that , file uploading has mostly worked. There is an intermittent error. "Could not find file C:\Windows\Temp\tmp9453.tmp". I've never been able to reproduce this error myself but have had it reported by multiple users. The file upload happens in a popup screen. One user reported that closing and reopening the popup seemed to fix the problem. Anyone have any thoughts or seen that error message before?

Message:


Could not find file 'C:\Windows\TEMP\tmpC623.tmp'.


Environment InformationeSpaceVer: 11 (Id=353, PubId=664, CompiledWith=9.0.1.40)
RequestUrl: https://webapps.dirtt.net/Contracts/POdocsAndcomments.aspx?_ts=1478883610670 (Method: POST)
AppDomain: /LM/W3SVC/1/ROOT/Contracts-133-131231291673331150
FilePath: d:\Outsystems\Platform Server\running\Contracts.302604051\POdocsAndcomments.aspx
Locale: en-US
DateFormat: MM-dd-yyyy
PID: 3856 ('w3wp', Started='4/5/2016 9:20:53 AM', Priv=1561Mb, Virt=10828Mb)
TID: 367
Thread Name:
.NET: 4.0.30319.34209
Stack:
Could not find file 'C:\Windows\TEMP\tmpC623.tmp'.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileInfo.get_Length()
   at OutSystems.NssFileSystem.CssFileSystem.MssFile_GetSize(String ssPath, Int32& ssSize)
   at ssFileUpload.RssExtensionFileSystem.MssFile_GetSize(HeContext heContext, String inParamPath, Int32& outParamSize)