AWS Security notification re: SSLv3 deprecation

AWSからこんなタイトルのメールが来た。
以下、本文

Dear AWS Customer,
 
This message explains some security improvements in our services. Your security is important to us. Please review the entire message carefully to determine whether your use of the services will be affected, and if so what you need to do.
 
As of 12:00 AM PDT May 20, 2015, AWS will discontinue support of SSLv3 for securing connections to S3 buckets. Security research published late last year demonstrated that SSLv3 contained weaknesses in its ability to protect and secure communications. These weaknesses have been addressed in Transport Layer Security (TLS), which is the replacement for SSL. Consistent with our top priority to protect AWS customers, AWS will only support versions of the more modern TLS rather than SSLv3.
 
You are receiving this email because some of your users are accessing Amazon S3 using a browser configured to use SSLv3, or some of your existing applications that use Amazon S3 are configured to use SSLv3. These requests will fail once AWS disables support for SSLv3 for the Amazon S3 service.
 
The following bucket(s) are currently accepting requests from clients (e.g. mobile devices, browsers, and applications) that specify SSLv3 to connect to Amazon S3 HTTPS endpoints.
 
hogehoge-bucket : ap-northeast-1
 
For your applications to continue running on Amazon S3, your end users need to access S3 from clients configured to use TLS. As any necessary changes would need to be made in your application, we recommend that you review your applications that are accessing the specified S3 buckets to determine what changes may be required. If you need assistance (e.g. to help identify clients connecting to S3 using SSLv3), please contact our AWS Technical Support or AWS Customer Service.
 
For further reading on SSLv3 security concerns and why it is important to disable support for this nearly 18 year old protocol, we suggest the following articles:
 
https://www.us-cert.gov/ncas/alerts/TA14-290A https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ http://disablessl3.com/#why
 
Thank you for your prompt attention.
 
Sincerely, The Amazon Web Services Team

これ、なんぞ?

お前んとこのバケットにまだSSLv3でS3にアクセスしてる奴いるけど、5/20にSSLv3禁止にするから、今のうちに対応してね。(意訳)

やったこと

  • クライアントのブラウザは無視
  • アプリ内で使用している「AWS SDK for PHP」をバージョンアップ
  • opensslをアップデート

で、様子見・・
大丈夫なんだろうか・・(-_-;)

その他

公式のForumでもワイワイしているので、引き続きウォッチする。
AWS Developer Forums: AWS disables support for SSLv3 for the ...

2015.05.26 追記

期日を過ぎてもS3にアップ出来たので、上記の対応でうまくいったのだろう・・