diff --git a/doc_source/document-history.adoc b/doc_source/document-history.adoc index a09cbb7..767bcc7 100644 --- a/doc_source/document-history.adoc +++ b/doc_source/document-history.adoc @@ -24,6 +24,10 @@ history. |Description |Date +|xref:security-java-tls[] +|Update TLS security information +|22 March 2022 + |xref:setup-additional[] |Added more information about setting up and using credentials |22 February 2021 diff --git a/doc_source/security-data-protection.adoc b/doc_source/security-data-protection.adoc index 3827f50..3511038 100644 --- a/doc_source/security-data-protection.adoc +++ b/doc_source/security-data-protection.adoc @@ -27,7 +27,7 @@ For data protection purposes, we recommend that you protect {AWS-account} creden * Use multi-factor authentication (MFA) with each account. -* Use SSL/TLS to communicate with {AWS} resources. We recommend TLS 1.2 or later. +* Use SSL/TLS to communicate with {AWS} resources. * Set up API and user activity logging with {CTlong}. * Use {AWS} encryption solutions, with all default security controls within {AWS-services}. * Use advanced managed security services such as Amazon Macie, which assists in discovering and securing personal data that is stored in {S3}. diff --git a/doc_source/security-java-tls.adoc b/doc_source/security-java-tls.adoc index 38c73c4..94c9f5a 100644 --- a/doc_source/security-java-tls.adoc +++ b/doc_source/security-java-tls.adoc @@ -1,11 +1,12 @@ //!!NODE_ROOT
include::../../includes.txt[] + [."topic"] [[security-java-tls,security-java-tls.title]] -= [[aws-sdk-for-java-support-for-tls-1-2, SDK for Java support for TLS 1.2]]{sdk-java} support for TLS 1.2 += [[aws-sdk-for-java-support-for-tls, SDK for Java support for TLS]]{sdk-java} support for TLS :info_doctype: section -:info_title: {sdk-java} support for TLS 1.2 -:info_titleabbrev: Enforcing TLS 1.2 +:info_title: {sdk-java} support for TLS +:info_titleabbrev: Enforcing a minimum TLS Version :info_abstract: Applies to Java SSL implementation (default SSL implementation in the SDK). Learn how the {AWS} shared responsibility model applies to data protection in this {AWS} product or service. [abstract] @@ -15,19 +16,14 @@ Applies to Java SSL implementation (default SSL implementation in the SDK). Lear The following information applies only to Java SSL implementation (the default SSL implementation in the {sdk-java}). If you're using a different SSL implementation, see your specific SSL implementation to learn how to enforce TLS versions. -[[tls-support-in-java,tls-support-in-java.title]] -== TLS support in Java - -TLS 1.2 is supported starting in Java 7. - [[how-to-check-the-tls-version,how-to-check-the-tls-version.title]] == How to check the TLS version -To check what TLS version is supported in your Java virtual machine (JVM), you can use the following code. +Consult your Java virtual machine (JVM) provider's documentation to determine which TLS versions are supported on your platform. For some JVMs, the following code will print which SSL versions are supported. [source,java] ---- -System*.out.println(*Arrays*.toString(*SSLContext*.getDefault().getSupportedSSLParameters().getProtocols())); +System.out.println(Arrays.toString(SSLContext.getDefault().getSupportedSSLParameters().getProtocols())); ---- To see the SSL handshake in action and what version of TLS is used, you can use the system property **javax.net.debug**. 
@@ -39,32 +35,15 @@ java app.jar -Djavax.net.debug=ssl [[how-to-set-the-tls-version,how-to-set-the-tls-version.title]] -== How to set the TLS version - -*{sdk-java} 1.x* - - - -* Apache HTTP client: The SDK always prefers TLS 1.2 (if it's supported in the platform). - -*{sdkjavav2}* +== Enforcing a minimum TLS Version +The SDK always prefers the latest TLS version supported by the platform and service. If you wish to enforce a specific minimum TLS version, consult your JVM's documentation. - -* ApacheHttpClient: The SDK always prefers TLS 1.2 (if it's supported in the platform). -* UrlHttpConnectionClient: To enforce only TLS 1.2, you can use this Java command. - - -[source,java] ----- -java app.jar -Djdk.tls.client.protocols=TLSv1.2 ----- - -Or use this code. +For OpenJDK-based JVMs, you can use the system property **jdk.tls.client.protocols**. [source,java] ---- -System.setProperty("jdk.tls.client.protocols", "TLSv1.2"); +java app.jar -Djdk.tls.client.protocols=PROTOCOLS ---- -* NettyNioHttpClient: The SDK dependency for Netty is TLS 1.2 (if it's supported in the platform). +Consolt your JVM's documentation for the supported values of **PROTOCOLS**. \ No newline at end of file
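Review bot: In the document-history.adoc hunk, the new entry `+|Update TLS security information` is too vague for a history table whose other rows describe what changed; since the accompanying edits remove the TLS 1.2 enforcement instructions and the per-client notes, say so (for example "Replaced TLS 1.2 enforcement guidance with minimum-TLS-version guidance that defers to the JVM documentation"), so readers who relied on the old `-Djdk.tls.client.protocols=TLSv1.2` recipe can find the reason it disappeared.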
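Review bot: In the security-data-protection.adoc hunk, dropping "We recommend TLS 1.2 or later." from the SSL/TLS bullet removes the only minimum-version recommendation on the data-protection page and leaves a bare "Use SSL/TLS" that a reader could satisfy with a deprecated protocol version; if the intent is to avoid pinning a specific version, keep a floor phrased as a minimum ("TLS 1.2 or later") rather than deleting the recommendation, which is also what the retitled security-java-tls.adoc page ("Enforcing a minimum TLS Version") now asks readers to do.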
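Review bot: In the first security-java-tls.adoc hunk (`@@ -1,11 +1,12 @@`), renaming the anchor from `aws-sdk-for-java-support-for-tls-1-2` to `aws-sdk-for-java-support-for-tls` breaks any existing deep link or bookmark to the old id; keep the old anchor as a secondary `[[...]]` id on the same title, or confirm a redirect exists, before removing it. Two smaller points: the `+ ` line after `include::../../includes.txt[]` adds a blank line carrying trailing whitespace, and `:info_titleabbrev: Enforcing a minimum TLS Version` capitalizes "Version" where the rest of the page uses lowercase "version".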
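Review bot: In the `@@ -15,19 +16,14 @@` hunk, the new sentence "the following code will print which SSL versions are supported" does not match what the snippet reports: `SSLContext.getDefault().getSupportedSSLParameters().getProtocols()` lists every protocol the provider can negotiate, not the ones enabled by default, so a JVM can print `TLSv1` here while never actually offering it; state that the output is the supported (not enabled) set, or mention `getDefaultSSLParameters()` for the enabled set, so readers do not conclude a deprecated version is in use. Fixing the stray `*` markup in the code line is good, but the snippet still will not compile on its own: it needs `import java.util.Arrays;` and `import javax.net.ssl.SSLContext;`, and `SSLContext.getDefault()` throws the checked `NoSuchAlgorithmException`, so either show it inside a method that declares `throws NoSuchAlgorithmException` or say the imports and exception handling are omitted. Removing the "TLS support in Java" section also drops the only statement of the minimum Java version with TLS 1.2 support; if it was removed because it is no longer accurate, a one-line pointer to the JVM vendor's compatibility table would preserve the information.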
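Review bot: In the `@@ -39,32 +35,15 @@` hunk, the replacement text generalizes `jdk.tls.client.protocols` to the whole SDK, while the removed lines scoped it to `UrlHttpConnectionClient` and gave separate statements for `ApacheHttpClient` and `NettyNioHttpClient`; a reader using the Apache or Netty client will now assume the property enforces their minimum version, so either keep the per-client notes or state explicitly which SDK HTTP clients honor the property. The command `java app.jar -Djdk.tls.client.protocols=PROTOCOLS` is also wrong as written (carried over from the old line): without `-jar`, `app.jar` is treated as a main class name, and a `-D` option placed after the jar or class is passed to the application instead of the JVM; it should read `java -Djdk.tls.client.protocols=PROTOCOLS -jar app.jar`, and the block should be tagged `[source,bash]` rather than `[source,java]` since it is a shell command, not Java code. Dropping the `System.setProperty("jdk.tls.client.protocols", "TLSv1.2");` alternative removes the only in-code way to set the value; consider keeping it with the note that it must run before the first `SSLContext` is created. Finally, "Consolt your JVM's documentation" is a typo for "Consult", the `PROTOCOLS` placeholder would be clearer with the concrete example the old text had (`TLSv1.2`), and the file should end with a newline (`\ No newline at end of file`).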