AWS S3 Disabling SSLv3 Support

Question

We received an email from AWS that basically says \'S3 is disabling SSLv3 Support, access will be cut-off in 15 days\'. They then listed some buckets we have (one in production)

Answer 1

It is a client-side issue entirely , if the protocol that the client (e.g the browser) uses to issue requests over https is SSLv3 , than the ssl handshake will not succeed and these requests will fail. So it's the client that needs to disable SSLv3.

AWS's action is a follow-up on the POODLE vulnerability uncovered last year , and since then also all the AWS CloudFront distributions that use the *.cloudfront.net domain name have been updated with discontinued SSLv3 support .Now AWS is moving on to S3 to do the same.