Posted On: Dec 20, 2022

To respond to evolving technology and regulatory standards for Transport Layer Security (TLS), we will be updating the TLS configuration for Amazon Web Services API endpoints of all services to a minimum of version TLS 1.2. This update means you will no longer be able to use TLS versions 1.0 and TLS versions 1.1 with all Amazon Web Services APIs in Amazon Web Services China Regions by June 28, 2023. In this post, we will tell you how to check your TLS version, and what to do to prepare.

If you are one of the more than 95% of our customers are already using TLS 1.2 or later, and will not be impacted by this change. You are almost certainly already using TLS 1.2 or later if your client software application was built after 2014 using an Amazon Software Development Kit (Amazon SDK), Amazon Command Line Interface (Amazon CLI), Java Development Kit (JDK) 8 or later, or another modern development environment. Customers still using TLS 1.0 or TLS 1.1 must update your client software to use TLS 1.2 or later to maintain your ability to connect. You will be notified on your Amazon Health Dashboard, and by email.

After June 28, 2023, we will update our API endpoint configuration to remove TLS 1.0 and TLS 1.1, even if you still have connections using these versions. It is important to understand that you already have control over the TLS version used when connecting. When connecting to Amazon Web Services API endpoints, your client software negotiates its preferred TLS version, and we use a high mutually agreed upon version. This new configuration will apply to all Amazon Web Services API endpoint of all services in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. For more information and guidance please visit here or the blog.