the problem would arise only if you connect to S3 to fetch whatever is stored there AND you use a library that allows ONLY SSLv3. Since most of python modules manage other https algorithms without issues AND you're using S3 just as a repo to serve basically static assets, there's no issue: Amazon is simply stating that they'll reject ANY request made to S3 files from whatever client (usually, your users browsers) using SSLv3.
<tl;dr> Don't worry. On Wednesday, April 15, 2015 at 11:54:26 PM UTC+2, Mark Graves wrote: > > Hey everyone, > > I realize this is more of a server administration question than web2py in > specific, but I want to make sure I cover all my bases, > > I recently received an email from AWS about their deprecation of SSLv3 in > connecting to S3. > > I have an app deployed behind nginx, but the only ssl protocols I have > enabled are TLS. > > The app does have publicly available URLS for images that are served out > of s3 which could conceivably be getting crawled somehow, but there is no > connection that I make over SSLv3 since the POODLE attack to which I'm > aware. > > Anyone have thoughts on how this might be happening, or do you think this > was just an AWS auto-generated message? > > -Mark > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
