Upgrading the minimum TLS version to TLSv1.2

At AttachmentScanner security is a core part of what we do. We have supported TLS versions 1.2 and 1.3 for some time now. However, we've never actually stopped older clients from connecting to the AttachmentScanner Antivirus Clusters. We beleive that moving forward, it's best to prevent connections using older protocols.

Although our initial analysis suggests that nobody is currently connecting with the older protocols, we think it's best to provide some warning for the change.

On 01/09/2021 we will disable TLS 1.0 and 1.1

As part of this upgrade, the ciphers allowed for encryption will also be updated. To begin with, we'll be upgrading to ELBSecurityPolicy-FS-1-2-2019-08. Shortly after, we intend to move to ELBSecurityPolicy-FS-1-2-Res-2019-08. The latter is a slightly more restrictive Cipher set. However, we think moving forward, it's the best way to keep data transfer safe.

The AWS Security Policies table shows more details of the ciphers allowed with each of the policies.

On 01/09/2021 we will use ELBSecurityPolicy-FS-1-2-2019-08

On 01/12/2021 we will use ELBSecurityPolicy-FS-1-2-Res-2019-08

Please contact us if this is likely to cause you any problems. We'll publish another blog post detailing how we query large amounts of request data soon.