Posted On: Jan 8, 2024

Amazon OpenSearch Service adds support for Transport Layer Security (TLS) version 1.3 amongst its transport security options for domain endpoint security. TLS 1.3 offers customers enhanced security and performance as compared to older TLS versions. In addition, we now support perfect forward secrecy, which provides additional safeguards against eavesdropping of encrypted data, through the use of a unique random session key. 

Amazon OpenSearch Service is protected by the network security procedures, and offers domain endpoint security by providing predefined TLS policies that will help customers encrypt their traffic end-to-end by enforcing HTTPS. With this launch, we recommend that customers start using TLS 1.3 for improved security posture. For more information about TLS options, please see the documentation.  

To learn more about Amazon OpenSearch Service, please visit the product page.

Support for TLS 1.3 is available for OpenSearch Service domains in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.