AWS S3 SSLv3 Deprecation

[Mark Graves]

Hey everyone, 

I realize this is more of a server administration question than web2py in specific, but I want to make sure I cover all my bases,

I recently received an email from AWS about their deprecation of SSLv3 in connecting to S3.

I have an app deployed behind nginx, but the only ssl protocols I have enabled are TLS.

The app does have publicly available URLS for images that are served out of s3 which could conceivably be getting crawled somehow, but there is no connection that I make over SSLv3 since the POODLE attack to which I'm aware.

Anyone have thoughts on how this might be happening, or do you think this was just an AWS auto-generated message?

-Mark

[Niphlod]

the problem would arise only if you connect to S3 to fetch whatever is stored there AND you use a library that allows ONLY SSLv3.
Since most of python modules manage other https algorithms without issues AND you're using S3 just as a repo to serve basically static assets, there's no issue: Amazon is simply stating that they'll reject ANY request made to S3 files from whatever client (usually, your users browsers) using SSLv3.

<tl;dr> Don't worry. 

[Mark Graves]

Thank you!

Mark Graves

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/Gz_8hg9Pv7Q/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.