Amazon requires TLS 1.2, Warns me, But that's all I'm running?

I’ve received a message from Amazon telling me that they’re getting TLS 1.0 and 1.1 connection requests to my account:

“We have identified TLS 1.0 or TLS 1.1 connections to AWS APIs from your account that must be updated for you to maintain AWS connectivity. Please update your client software as soon as possible to use TLS 1.2 or higher to avoid an availability impact. We recommend considering the time needed to verify your changes in a staging environment before introducing them into production.”

But everywhere I look in my server config, I have TLS 1.0 and 1.1 disabled. I have many sites on that server, not so many have SSL enabled, I’ve checked them all, and only TLS 1.2 is enabled.

Is there somewhere to do this at the admin level for all sites?

What server config? I can’t think of any server in a Virtualmin system that interacts with AWS in any way.

And, what kind of AWS requests?

My first impression was this is for this AWS account. I wasn’t sure so I stayed quiet.

Thanks for the answer. I use “config” generally, I pretty much looked everywhere in Webmin, and at the SSL Options page for the web sites I have set up on the server in Virtualmin. At first I assumed Amazon was referring to configuration that corresponds to this page in Virtualmin, at:

apache/edit_virt.cgi?virt=######.com:443&type=14&xnavigation=1

But you can see from my screen shot that I only have TLS 1.2 enabled.

ssloptions1032×267 38.4 KB

Yes, this server is running on an AWS instance. That’s Amazon’s relevance to the question.

Apache is not talking to AWS. So, you’re looking in the wrong place.

Nothing Virtualmin manages is talking to anything in AWS, unless you are backing up to S3 buckets, in which case, Virtualmin is using whatever version of awscli is installed on your system, which may or may not be using outdated protocols (but probably not). Or, if you are using Virtualmin to manage Route 53 DNS records, that would also be Virtualmin talking to AWS APIs. But, you didn’t mention either of those, so…I dunno.

That error means something is communicating with AWS APIs, which probably has nothing to do with Virtualmin, and may not have anything to do with your EC2 instances (probably doesn’t). What other apps do you have that are using AWS?

But, it definitely has nothing to do with Apache configuration.

Thanks. I AM backing up to S3. I’ll check versions of awscli on Monday. But shouldn’t package management be keeping that current?

I can’t think of anything else that’s interfacing with AWS.

Just a thought, you are using an end of life OS (31 May 2023), perhaps there is a difference between 1.1.1-1ubuntu2.1 and the current version 3.0.2-0ubuntu1.10 which is causing an issue

The maintainer of the package is not keeping it up to date, this has been reported a few times. This is not virtualmin.

Yup. That was my next question. Remember that I presumed this solution for this topic was changing a setting somewhere.

But the old version - not only an EOL release but an installation that can’t update! I have a number of updates pending in Webmin, that get an error when I try to do so. For example:

Err:1 Index of /infra/ubuntu/ bionic-infra-security/main amd64 imagemagick-6-common all 8:6.9.7.4+dfsg-16ubuntu6.15+esm1
401 Unauthorized [IP: xxx.xxx.xxx.xx 443]

For EACH package that needs updating. I don’t think this is technically an EOL issue since Webmin really seems to think there’s packages to update. It’s seeing them somewhere. 401 Unauthorized indicates a permission issue somewhere.