- Newest
- Most votes
- Most comments
It is my pleasure to help nice people like yourself. The good news is that your S3 buckets are already TLS 1.2 compliant. This is really referring to the client. The clients which are connecting to S3 are out of date and are not communicating using the latest standards, like TLS 1.2. So you need to review the website in Siteground and make some updates to the software that is connecting to the bucket. For example, if you are using AWS SDK or CLI, then these should be updated to the latest version.
Hope this helps, if so please accept this answer.
Thank you for getting back to me so quickly and so clearly Bryant. I really appreciate both aspects as someone who is very new to this giant environment. Thank you. Thanks for reassuring me that I seem to be all good at my bucket and S3 level here. If I am understanding your reply properly are you saying that it is my website with Siteground that is causing these emails to me and my changes need to be done on that side? I know no shame or have no embarrassment with how I run my website and think honesty is always the best policy. It is certainly always the funniest I find and the laugh is usually at my expense... So here goes with further confessionals. Our website is currently running Joomla 3.x and PHP 7 but is finally due to migrate to Joomla 4 and PHP 8 in the next 10 days. Are these the kind of upgrades and changes that will stop these issues going forward where you say: "The clients which are connecting to S3 are out of date and are not communicating using the latest standards, like TLS 1.2. So you need to review the website in Siteground and make some updates to the software that is connecting to the bucket"?
"For example, if you are using AWS SDK or CLI, then these should be updated to the latest version." - This part has thrown me sorry as i am not knowingly aware I am using these but have seen them referenced in other emails or posts. Should I be using them and do they need particular skills to learn?
All I do is (and again feeling awkward and simplistic) upload my videos to my bucket through AWS console. Copy the video URL to my clipboard. Create a Joomla article in my website and enclose the URL within curly brackets for a video player joomla extension I have installed in my site. That's my box of chocolates! When we talk clients are we meaning software like Joomla, PHP and maybe the video player extension or people visiting my site not having the latest browser or some such? I'm thinking more my website software is the client here and will updating the website CMS and extensions bring me up to speed and be where I need to be? Thank you so much for your patience, understanding and humility so far and I do apologise for not being better with my knowledge. As in having none whatsoever. I realise the AWS re:Post community is going to be benefitting me far more than I can possible benefit back.
Bob
Yes the issue is on the client side, so it is likely related to your website. Upgrading PHP to a new version is certainly a good idea. I've never coded in PHP so I can't be certain this will resolve the issue.
I read your reply carefully and can now see that you're probably not using the AWS SDK or CLI to perform the uploads. So you don't need to worry about this to solve the TLS 1.2 issue.
The "client" is exactly as you have mentioned. It is anything requesting videos, content, etc from the S3 bucket. These clients must be using TLS 1.2 to resolve the issue.
As a debugging technique, you could consider changing the S3 bucket policy and require that all request using TLS 1.2 or higher. If you make this change, it will deny requests that are not TLS 1.2. This means it could break something. But this also provides a clue. Whatever stops working is the part the needs updating.
Here's a post describing how to adjust the bucket policy: https://repost.aws/knowledge-center/s3-enforce-modern-tls
I suggest making a backup of any S3 polices that you change so you can roll back to the original and keep your site operational.
Thanks again Bryant Really good advice and I really appreciate your time to reply. I'm going to give this a go with the policy changes and post link you provided too.
I did confess to being a newbie here and I now want to ask something else about these posts please? Have I been a total bozo and submitted my reply to you as an answer? Have I managed to stuff up the way the threads work Bryant sorry? I'm seeing I can accept my 'Answer' that was really a question and then your brilliant help is kinda nested on my question. Have I made a mess of things even asking for help too? Oh my oh my. This could be embarrassing for me hey? :) I realise that you should get the thanks and any reward points for helping me Bryant so please let me know how.
I don't want you thinking this is a post you regret stumbling upon.
Thanks
Bob
Hi Bob. You did fine. I was able to follow and hopefully you'll be able to resolve your issue. If you'd like to help me with rewards points, simply "Accept my Answer" on the first shared answered that I provided. Also give it a thumbs up. Much appreciated! Bryant
Relevant content
- Accepted Answerasked a year ago
- asked a year ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
Thanks Bryant This original answer above and the brilliant follow up comment from you below really did help me understand things better thanks. I was feeling like I didn't fully understand what was needed but you have given me some great insight and knowledge thanks. I will give things a try and come back to you if it works for me. Bob