Everything in AWS is an API, is it secure?
EDIT: 2020-08-01 SHA-1 Windows content to be retired in 2 days. Amazon is in an ever-decreasing group of cryptography-ignorant providers.
EDIT: 2020-08-07 China believes TLS 1.3 privacy (hidden identity, not to be confused with confidentiality of data) is so effective they are going to block all TLS 1.3 traffic. Researchers have a workaround but China will surely adapt.
EDIT: 2020-08-20 Microsoft enables TLS 1.3 by default in latest Windows 10 builds.
EDIT: 2020-08-29 On October 15 Microsoft will no longer support TLS 1.0/1.1 for any Office365 product. Also all Linux software in the Microsoft repos will disable these insecure protocols.
We all know that everything in AWS is an API, right?
Some people I speak to, as a consultant, hear this common cliche but not many consider the implications of this infamous characteristic of AWS.
All of the services in AWS communicate internally over the same APIs that customers, and non-customers alike, also use, because all access is public by default.
This public API has a name: the Query Request HTTP API. It is not common knowledge, and it is the lowest common method by which all things happen in AWS.
Where is the Query Request API used?
Everywhere.
You simply cannot use AWS without interacting with the Query Request API, and AWS itself cannot operate without it:
- Services that intercommunicate, e.g.
  - Lambda > CloudWatch
  - IAM > CloudTrail
  - CloudFormation deploying things
  - everything uses it
- Official SDKs; like botocore for Python, all SDKs use it
- Terraform by HashiCorp used boto3 but pivoted to the Query Request API
Everything uses the Query Request API!
How does the Query Request API work?
AWS implement the RESTful API model on top of HTTP, with both TLS and plain HTTP endpoints available.
Though it is almost impossible to be strictly RESTful and remain functionally usable, AWS provide an exceptionally close alignment to RESTful designs.
There are multiple ways to craft an HTTP request to interact with the Query Request API; any HTTP client, even the web browser itself, is capable.
Authentication
The commonly supported authentication method of the Query Request API is called Signature Version 4. My investigations into EC2 and Lambda have uncovered that AWS still uses (and therefore supports) Signature Version 2.
Both Sigv2 and Sigv4 implement hash-based message authentication code (HMAC), which relies on an out-of-band pre-shared secret with the client.
This secret also enables the server to derive a client identity.
The AWS implementation of HMAC uses their Secret Key as the secret, which corresponds to their Key Id as the identity.
Clients perform a special procedure called request signing, essentially giving you a data integrity guarantee no different from what TLS offers.
Signing is complex, so many developers prefer to use an SDK instead of understanding and performing the signing procedure themselves.
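The request-signing procedure described above, sketched for Signature Version 4 as an added example (not code from the original post or from AWS). The key id, secret and timestamp are constructed values and the STS `GetCallerIdentity` call is an assumed target; `server_verify` is a hypothetical helper showing how the receiving side turns the Key Id back into an identity.

```python
import hashlib
import hmac
from urllib.parse import quote

ALGORITHM = "AWS4-HMAC-SHA256"


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def derive_signing_key(secret_key: str, date: str, region: str, service: str) -> bytes:
    """HMAC chain that scopes the long-lived secret to one day, region and service."""
    k_date = _hmac(("AWS4" + secret_key).encode("utf-8"), date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def canonical_request(method, path, params, headers, payload: bytes):
    """Return (canonical request text, signed-header list) for the request parts."""
    def enc(value):
        return quote(str(value), safe="-_.~")
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    query = "&".join(f"{k}={v}" for k, v in pairs)
    hdrs = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    canonical_headers = "".join(f"{k}:{v}\n" for k, v in hdrs)
    signed_headers = ";".join(k for k, _ in hdrs)
    payload_hash = hashlib.sha256(payload).hexdigest()
    text = "\n".join([method, path, query, canonical_headers, signed_headers, payload_hash])
    return text, signed_headers


def signature(secret_key, amz_date, region, service, creq: str) -> str:
    """HMAC-SHA256 over the string to sign, keyed with the derived signing key."""
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    creq_hash = hashlib.sha256(creq.encode("utf-8")).hexdigest()
    string_to_sign = "\n".join([ALGORITHM, amz_date, scope, creq_hash])
    key = derive_signing_key(secret_key, amz_date[:8], region, service)
    return hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_request(method, host, path, params, payload, amz_date,
                 region, service, key_id, secret_key) -> dict:
    """Client side: build the headers to send. The secret itself is never transmitted."""
    headers = {"Host": host, "X-Amz-Date": amz_date}
    creq, signed = canonical_request(method, path, params, headers, payload)
    sig = signature(secret_key, amz_date, region, service, creq)
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    headers["Authorization"] = (
        f"{ALGORITHM} Credential={key_id}/{scope}, "
        f"SignedHeaders={signed}, Signature={sig}"
    )
    return headers


def server_verify(method, path, params, headers, payload, secrets: dict):
    """Server side (hypothetical): look up the secret by Key Id, recompute, compare.

    Returns the Key Id (the caller's identity) or None. A real service would
    also reject stale X-Amz-Date values to limit replay.
    """
    auth = headers["Authorization"].split(" ", 1)[1]
    fields = dict(part.strip().split("=", 1) for part in auth.split(","))
    key_id, date, region, service, _ = fields["Credential"].split("/")
    secret = secrets.get(key_id)
    if secret is None or date != headers["X-Amz-Date"][:8]:
        return None
    names = fields["SignedHeaders"].split(";")
    signed = {k: v for k, v in headers.items() if k.lower() in names}
    creq, _ = canonical_request(method, path, params, signed, payload)
    expected = signature(secret, headers["X-Amz-Date"], region, service, creq)
    # Constant-time comparison so the check does not leak matching prefixes.
    return key_id if hmac.compare_digest(expected, fields["Signature"]) else None


if __name__ == "__main__":
    # Constructed credentials and timestamp; not real values.
    secrets = {"AKIAEXAMPLEKEYID": "constructed-secret-for-illustration"}
    params = {"Action": "GetCallerIdentity", "Version": "2011-06-15"}
    hdrs = sign_request("GET", "sts.amazonaws.com", "/", params, b"",
                        "20200829T222032Z", "us-east-1", "sts",
                        "AKIAEXAMPLEKEYID", secrets["AKIAEXAMPLEKEYID"])
    print(hdrs["Authorization"])
    print("identity:", server_verify("GET", "/", params, hdrs, b"", secrets))
    tampered = dict(params, Action="GetSessionToken")
    print("tampered:", server_verify("GET", "/", tampered, hdrs, b"", secrets))
```

Only the Key Id, the scope and the hex signature travel in the `Authorization` header, so anyone who holds the secret can produce a request the server accepts as that identity.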
Are the SDKs secure?
Not exactly.
Using SDKs often makes it difficult, even impossible, to customise your interactions with the Query Request API and optimise for security.
SDKs by design will abstract complexities away from the developers.
Frameworks primarily prioritise developer experience, reduced lines of code, and a low barrier of learning to get started.
Developers who never move down the stack below the SDK need to understand their security configuration, and equally the frameworks don't consider security configurations (such as protocol and ciphers) important to developers.
This means the SDKs often optimise functionality for the widest user environment, support backwards-compatibility for old technology, and are slow to expose new security features to users if they are not requesting them.
I have identified various SDKs' security defaults to be insufficient in some client environments. A good observation is that they typically don't allow insecure downgrades in protocol or weak cipher negotiation (which are typically controlled by priority order server-side), but common to all SDKs I investigated, none allowed the client to specify the desired ciphers (aligned to the customer's requirements) that inform the server negotiation procedure.
Is the AWS Secret Key secure?
To obtain a pre-shared secret, AWS customers can generate a Key Id and its Secret Key from an IAM User, or obtain a token issued via STS. Most AWS Resources also provide you a built-in key/secret pair representing the identity of the AWS Resource belonging to you rather than one of your user identities.
In terms of security of the Secret Key itself, it would normally be important for an attacker to try figuring out what makes up the value of the Secret Key, to learn how to produce a Secret Key in a predictable reproducible way, to learn what it itself contains within.
But for HMAC, which is completely random, there is only a perceived value in figuring this out.
The true value in the HMAC secret is that you perform actions as the identity it belongs to - skipping any authentication checks.
By having the Secret Key, AWS assumes you are both authenticated and authorised to perform all actions associated with that identity - limited only by IAM policy and various resource policies that may be in place.
So yes, Secret Keys are secure. Keep them safe, they are necessary, powerful, and radioactive.
It is surprising Signature Version 2 is still supported because it implements HMAC-SHA1, which was deprecated in 2013 after being broken and proven to be insecure the year prior.
But isn't HMAC still considered secure?
Yes, Sigv4 HMAC is still considered safe today, but Sigv2 uses SHA1.
The first research demonstrating flaws with SHA1 appeared in 2005, and various researchers improved it over the past decade. The advancement announced in 2012 and published in 2013 prompted the industry to officially announce its deprecation.
Essentially HMAC uses a signature algorithm no different from TLS. AWS signature algorithm choices are:
AWS Auth name | Hashing Signature | Status |
---|---|---|
Sigv2 | HMAC-SHA1 | Deprecated 2012 |
Sigv4 | HMAC-SHA256 | First flaw was CVE-2018-10844 affecting AWS |
Basically the reason for SHA1 deprecation was that the hash uses Merkle–Damgård padding, which is fundamentally vulnerable to a length extension attack and cannot be fixed. Just consider the computing power in 2005, when SHA1 was published as broken; even 2012, when the proofs emerged, is an extremely long time ago for technology.
We are now in 2020.
HMAC-SHA256 has been subjected to various attacks, so it is an insufficient signature algorithm choice for AWS to continue supporting. It is not immune to hash collisions either, so this alone should be reason enough to deprecate it.
This is the time where we need to simply point out that as an industry, it is well known that the SHA-based signatures are problematic at best, and generally considered harmful.
I wonder why AWS has chosen to ignore this?
As a recommendation for AWS, the AES-GCM signature algorithm is already prolific, so it would be a good choice.
It is a widely accepted and scrutinised choice, with many sources available for implementation. A certain video conferencing product that Amazon recently announced a partnership with, which has far fewer resources, has announced a 90-day plan to implement this as 1 small feature from a long list of security improvements.
The Query Request API is secure right?
To answer that let's define secure.
Most security professionals will agree on at least 3 characteristics, but I'll provide another 3 that can be more important:
- Confidential: in most cases yes, but not always. Read about TLS confidentiality myths; basically, enforcing ciphers that apply Forward Secrecy is the best we have for Query Request API confidentiality, and that only applies where confidentiality can be enforced by TLS of course
- Integrity: yes, in all cases by virtue of both TLS1.3 and HMAC-SHA256
- Available: for any service to have at least 99.99% SLA, the API must also
- Non-repudiation: yes, HMAC-SHA256 provides identity and TCP/HTTP includes the additional metadata
- Known vulnerabilities exist however, so this is undesired.
- Customer Secure Configurations are possible if you use the Query Request API directly rather than the SDKs.
AWS do offer us many security features - few are default secure.
Testing
Not too technical? That's fine, Qualys has a pretty decent test online here that gives similar results.
Let's gather some data using https://testssl.sh
testssl --quiet --mode parallel --standard --protocols -c --header --vulnerable --sneaky --phone-out --ids-friendly --nodns min --warnings off --hints --wide --grease --pfs --show-each --server-defaults --server-preference --client-simulation --color 0 https://calculator.s3.amazonaws.com/index.html
produces;
Start 2020-08-29 22:20:32 -->> 52.216.186.211:443 (calculator.s3.amazonaws.com) <<--
rDNS (52.216.186.211): (instructed to minimize DNS queries)
Service detected: HTTP
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered (deprecated)
TLS 1.1 offered (deprecated)
TLS 1.2 offered (OK)
TLS 1.3 not offered and downgraded to a weaker protocol
NPN/SPDY not offered
ALPN/HTTP2 not offered
Testing for server implementation bugs
No bugs found.
Testing cipher categories
NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4] (w/o export) not offered (OK)
Triple DES Ciphers / IDEA offered
Obsolete: SEED + 128+256 Bit CBC cipher offered
Strong encryption (AEAD ciphers) offered (OK)
Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
PFS is offered (OK), ciphers follow (client/browser support is important here)
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
x1302 TLS_AES_256_GCM_SHA384 any AESGCM 256 TLS_AES_256_GCM_SHA384 not a/v
x1303 TLS_CHACHA20_POLY1305_SHA256 any ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256 not a/v
xcc14 ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD not a/v
xcc13 ECDHE-RSA-CHACHA20-POLY1305-OLD ECDH ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD not a/v
xcc15 DHE-RSA-CHACHA20-POLY1305-OLD DH ChaCha20 256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD not a/v
xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 available
xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 not a/v
xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 available
xc024 ECDHE-ECDSA-AES256-SHA384 ECDH AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 not a/v
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA available
xc00a ECDHE-ECDSA-AES256-SHA ECDH AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA not a/v
xa3 DHE-DSS-AES256-GCM-SHA384 DH AESGCM 256 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 not a/v
x9f DHE-RSA-AES256-GCM-SHA384 DH AESGCM 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 not a/v
xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 not a/v
xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 256 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 available
xccaa DHE-RSA-CHACHA20-POLY1305 DH ChaCha20 256 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 not a/v
xc0af ECDHE-ECDSA-AES256-CCM8 ECDH AESCCM8 256 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 not a/v
xc0ad ECDHE-ECDSA-AES256-CCM ECDH AESCCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_CCM not a/v
xc0a3 DHE-RSA-AES256-CCM8 DH AESCCM8 256 TLS_DHE_RSA_WITH_AES_256_CCM_8 not a/v
xc09f DHE-RSA-AES256-CCM DH AESCCM 256 TLS_DHE_RSA_WITH_AES_256_CCM not a/v
x6b DHE-RSA-AES256-SHA256 DH AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 not a/v
x6a DHE-DSS-AES256-SHA256 DH AES 256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 not a/v
x39 DHE-RSA-AES256-SHA DH AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA not a/v
x38 DHE-DSS-AES256-SHA DH AES 256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA not a/v
xc077 ECDHE-RSA-CAMELLIA256-SHA384 ECDH Camellia 256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 not a/v
xc073 ECDHE-ECDSA-CAMELLIA256-SHA384 ECDH Camellia 256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 not a/v
xc4 DHE-RSA-CAMELLIA256-SHA256 DH Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 not a/v
xc3 DHE-DSS-CAMELLIA256-SHA256 DH Camellia 256 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 not a/v
x88 DHE-RSA-CAMELLIA256-SHA DH Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA not a/v
x87 DHE-DSS-CAMELLIA256-SHA DH Camellia 256 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA not a/v
xc043 DHE-DSS-ARIA256-CBC-SHA384 DH ARIA 256 TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 not a/v
xc045 DHE-RSA-ARIA256-CBC-SHA384 DH ARIA 256 TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 not a/v
xc049 ECDHE-ECDSA-ARIA256-CBC-SHA384 ECDH ARIA 256 TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 not a/v
xc04d ECDHE-RSA-ARIA256-CBC-SHA384 ECDH ARIA 256 TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 not a/v
xc053 DHE-RSA-ARIA256-GCM-SHA384 DH ARIAGCM 256 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 not a/v
xc057 DHE-DSS-ARIA256-GCM-SHA384 DH ARIAGCM 256 TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 not a/v
xc05d ECDHE-ECDSA-ARIA256-GCM-SHA384 ECDH ARIAGCM 256 TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 not a/v
xc061 ECDHE-ARIA256-GCM-SHA384 ECDH ARIAGCM 256 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 not a/v
xc07d - DH CamelliaGCM 256 TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 not a/v
xc081 - DH CamelliaGCM 256 TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 not a/v
xc087 - ECDH CamelliaGCM 256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 not a/v
xc08b - ECDH CamelliaGCM 256 TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 not a/v
x1301 TLS_AES_128_GCM_SHA256 any AESGCM 128 TLS_AES_128_GCM_SHA256 not a/v
x1304 TLS_AES_128_CCM_SHA256 any AESCCM 128 TLS_AES_128_CCM_SHA256 not a/v
x1305 TLS_AES_128_CCM_8_SHA256 any AESCCM8 128 TLS_AES_128_CCM_8_SHA256 not a/v
xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 available
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 not a/v
xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 available
xc023 ECDHE-ECDSA-AES128-SHA256 ECDH AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 not a/v
xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA available
xc009 ECDHE-ECDSA-AES128-SHA ECDH AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA not a/v
xa2 DHE-DSS-AES128-GCM-SHA256 DH AESGCM 128 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 not a/v
x9e DHE-RSA-AES128-GCM-SHA256 DH AESGCM 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 not a/v
xc0ae ECDHE-ECDSA-AES128-CCM8 ECDH AESCCM8 128 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 not a/v
xc0ac ECDHE-ECDSA-AES128-CCM ECDH AESCCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_CCM not a/v
xc0a2 DHE-RSA-AES128-CCM8 DH AESCCM8 128 TLS_DHE_RSA_WITH_AES_128_CCM_8 not a/v
xc09e DHE-RSA-AES128-CCM DH AESCCM 128 TLS_DHE_RSA_WITH_AES_128_CCM not a/v
x67 DHE-RSA-AES128-SHA256 DH AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 not a/v
x40 DHE-DSS-AES128-SHA256 DH AES 128 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 not a/v
x33 DHE-RSA-AES128-SHA DH AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA not a/v
x32 DHE-DSS-AES128-SHA DH AES 128 TLS_DHE_DSS_WITH_AES_128_CBC_SHA not a/v
xc076 ECDHE-RSA-CAMELLIA128-SHA256 ECDH Camellia 128 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 not a/v
xc072 ECDHE-ECDSA-CAMELLIA128-SHA256 ECDH Camellia 128 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 not a/v
xbe DHE-RSA-CAMELLIA128-SHA256 DH Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 not a/v
xbd DHE-DSS-CAMELLIA128-SHA256 DH Camellia 128 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 not a/v
x9a DHE-RSA-SEED-SHA DH SEED 128 TLS_DHE_RSA_WITH_SEED_CBC_SHA not a/v
x99 DHE-DSS-SEED-SHA DH SEED 128 TLS_DHE_DSS_WITH_SEED_CBC_SHA not a/v
x45 DHE-RSA-CAMELLIA128-SHA DH Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA not a/v
x44 DHE-DSS-CAMELLIA128-SHA DH Camellia 128 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA not a/v
xc042 DHE-DSS-ARIA128-CBC-SHA256 DH ARIA 128 TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 not a/v
xc044 DHE-RSA-ARIA128-CBC-SHA256 DH ARIA 128 TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 not a/v
xc048 ECDHE-ECDSA-ARIA128-CBC-SHA256 ECDH ARIA 128 TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 not a/v
xc04c ECDHE-RSA-ARIA128-CBC-SHA256 ECDH ARIA 128 TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 not a/v
xc052 DHE-RSA-ARIA128-GCM-SHA256 DH ARIAGCM 128 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 not a/v
xc056 DHE-DSS-ARIA128-GCM-SHA256 DH ARIAGCM 128 TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 not a/v
xc05c ECDHE-ECDSA-ARIA128-GCM-SHA256 ECDH ARIAGCM 128 TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 not a/v
xc060 ECDHE-ARIA128-GCM-SHA256 ECDH ARIAGCM 128 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 not a/v
xc07c - DH CamelliaGCM 128 TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 not a/v
xc080 - DH CamelliaGCM 128 TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 not a/v
xc086 - ECDH CamelliaGCM 128 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 not a/v
xc08a - ECDH CamelliaGCM 128 TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 not a/v
Elliptic curves offered: prime256v1 secp384r1
Testing server preferences
Has server cipher order? yes (OK)
Negotiated protocol TLSv1.2
Negotiated cipher ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
Cipher order
TLSv1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA DES-CBC3-SHA
TLSv1.1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA DES-CBC3-SHA
TLSv1.2: ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES256-SHA384 AES128-GCM-SHA256
AES256-GCM-SHA384 AES128-SHA AES128-SHA256 AES256-SHA AES256-SHA256 DES-CBC3-SHA
Testing server defaults (Server Hello)
TLS extensions (standard) "server name/#0" "EC point formats/#11" "renegotiation info/#65281"
Session Ticket RFC 5077 hint no -- no lifetime advertised
SSL Session ID support yes
Session Resumption Tickets no, ID: no
TLS clock skew Random values, no fingerprinting possible
Signature Algorithm SHA256 with RSA
Server key size RSA 2048 bits
Server key usage Digital Signature, Key Encipherment
Server extended key usage TLS Web Server Authentication, TLS Web Client Authentication
Serial / Fingerprints 082DF68EE9C69315BEBF72079B3810FD / SHA1 3FE05B486E3F0987130BA1D4EA0F299539A58243
SHA256 272FC283BF3EDC52F6F3387A9C5247A20C5D7176FE81EC3EABA4B3A8E57F8674
Common Name (CN) *.s3.amazonaws.com
subjectAltName (SAN) *.s3.amazonaws.com s3.amazonaws.com
Issuer DigiCert Baltimore CA-2 G2 (DigiCert Inc from US)
Trust (hostname) Ok via SAN wildcard (same w/o SNI)
Chain of trust Ok
EV cert (experimental) no
ETS/"eTLS", visibility info not present
Certificate Validity (UTC) 194 >= 60 days (2019-11-09 11:00 --> 2021-03-12 23:00)
# of certificates provided 2
In pwnedkeys.com DB not in database
Certificate Revocation List http://crl3.digicert.com/DigiCertBaltimoreCA-2G2.crl, not revoked
http://crl4.digicert.com/DigiCertBaltimoreCA-2G2.crl, not revoked
OCSP URI http://ocsp.digicert.com, not revoked
OCSP stapling not offered
OCSP must staple extension --
DNS CAA RR (experimental) (instructed to minimize DNS queries)
Certificate Transparency yes (certificate extension)
Testing HTTP header response @ "/index.html"
HTTP Status Code 200 OK
HTTP clock skew 0 sec from localtime
Strict Transport Security not offered
Public Key Pinning --
Server banner AmazonS3
Application banner --
Cookie(s) (none issued at "/index.html")
Security headers Cache-Control no-cache no-store must-revalidate
Reverse Proxy banner --
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session ticket extension
ROBOT not vulnerable (OK)
Secure Renegotiation (RFC 5746) supported (OK)
Secure Client-Initiated Renegotiation likely not vulnerable (OK), timed out
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/index.html" tested
POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support
TLS_FALLBACK_SCSV (RFC 7507) Check failed, unexpected result , run testssl -Z --debug=1 and look at /tmp/testssl.TpvX5W/*tls_fallback_scsv.txt
SWEET32 (CVE-2016-2183, CVE-2016-6329) VULNERABLE, uses 64 bit block ciphers
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services
https://censys.io/ipv4?q=272FC283BF3EDC52F6F3387A9C5247A20C5D7176FE81EC3EABA4B3A8E57F8674 could help you to find out
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
BEAST (CVE-2011-3389)
TLS1:
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA available
xc00a ECDHE-ECDSA-AES256-SHA ECDH AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA not a/v
xc022 SRP-DSS-AES-256-CBC-SHA SRP AES 256 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA not a/v
xc021 SRP-RSA-AES-256-CBC-SHA SRP AES 256 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA not a/v
xc020 SRP-AES-256-CBC-SHA SRP AES 256 TLS_SRP_SHA_WITH_AES_256_CBC_SHA not a/v
x91 DHE-PSK-AES256-CBC-SHA DHEPSK AES 256 TLS_DHE_PSK_WITH_AES_256_CBC_SHA not a/v
x39 DHE-RSA-AES256-SHA DH AES 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA not a/v
x38 DHE-DSS-AES256-SHA DH AES 256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA not a/v
x37 DH-RSA-AES256-SHA DH/RSA AES 256 TLS_DH_RSA_WITH_AES_256_CBC_SHA not a/v
x36 DH-DSS-AES256-SHA DH/DSS AES 256 TLS_DH_DSS_WITH_AES_256_CBC_SHA not a/v
x88 DHE-RSA-CAMELLIA256-SHA DH Camellia 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA not a/v
x87 DHE-DSS-CAMELLIA256-SHA DH Camellia 256 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA not a/v
x86 DH-RSA-CAMELLIA256-SHA DH/RSA Camellia 256 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA not a/v
x85 DH-DSS-CAMELLIA256-SHA DH/DSS Camellia 256 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA not a/v
xc019 AECDH-AES256-SHA ECDH AES 256 TLS_ECDH_anon_WITH_AES_256_CBC_SHA not a/v
x3a ADH-AES256-SHA DH AES 256 TLS_DH_anon_WITH_AES_256_CBC_SHA not a/v
x89 ADH-CAMELLIA256-SHA DH Camellia 256 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA not a/v
xc00f ECDH-RSA-AES256-SHA ECDH/RSA AES 256 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA not a/v
xc005 ECDH-ECDSA-AES256-SHA ECDH/ECDSA AES 256 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA not a/v
x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA available
xc036 ECDHE-PSK-AES256-CBC-SHA ECDHEPSK AES 256 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA not a/v
x84 CAMELLIA256-SHA RSA Camellia 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA not a/v
x95 RSA-PSK-AES256-CBC-SHA RSAPSK AES 256 TLS_RSA_PSK_WITH_AES_256_CBC_SHA not a/v
x8d PSK-AES256-CBC-SHA PSK AES 256 TLS_PSK_WITH_AES_256_CBC_SHA not a/v
xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA available
xc009 ECDHE-ECDSA-AES128-SHA ECDH AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA not a/v
xc01f SRP-DSS-AES-128-CBC-SHA SRP AES 128 TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA not a/v
xc01e SRP-RSA-AES-128-CBC-SHA SRP AES 128 TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA not a/v
xc01d SRP-AES-128-CBC-SHA SRP AES 128 TLS_SRP_SHA_WITH_AES_128_CBC_SHA not a/v
x33 DHE-RSA-AES128-SHA DH AES 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA not a/v
x32 DHE-DSS-AES128-SHA DH AES 128 TLS_DHE_DSS_WITH_AES_128_CBC_SHA not a/v
x31 DH-RSA-AES128-SHA DH/RSA AES 128 TLS_DH_RSA_WITH_AES_128_CBC_SHA not a/v
x30 DH-DSS-AES128-SHA DH/DSS AES 128 TLS_DH_DSS_WITH_AES_128_CBC_SHA not a/v
x9a DHE-RSA-SEED-SHA DH SEED 128 TLS_DHE_RSA_WITH_SEED_CBC_SHA not a/v
x99 DHE-DSS-SEED-SHA DH SEED 128 TLS_DHE_DSS_WITH_SEED_CBC_SHA not a/v
x98 DH-RSA-SEED-SHA DH/RSA SEED 128 TLS_DH_RSA_WITH_SEED_CBC_SHA not a/v
x97 DH-DSS-SEED-SHA DH/DSS SEED 128 TLS_DH_DSS_WITH_SEED_CBC_SHA not a/v
x45 DHE-RSA-CAMELLIA128-SHA DH Camellia 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA not a/v
x44 DHE-DSS-CAMELLIA128-SHA DH Camellia 128 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA not a/v
x43 DH-RSA-CAMELLIA128-SHA DH/RSA Camellia 128 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA not a/v
x42 DH-DSS-CAMELLIA128-SHA DH/DSS Camellia 128 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA not a/v
xc018 AECDH-AES128-SHA ECDH AES 128 TLS_ECDH_anon_WITH_AES_128_CBC_SHA not a/v
x34 ADH-AES128-SHA DH AES 128 TLS_DH_anon_WITH_AES_128_CBC_SHA not a/v
x9b ADH-SEED-SHA DH SEED 128 TLS_DH_anon_WITH_SEED_CBC_SHA not a/v
x46 ADH-CAMELLIA128-SHA DH Camellia 128 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA not a/v
xc00e ECDH-RSA-AES128-SHA ECDH/RSA AES 128 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA not a/v
xc004 ECDH-ECDSA-AES128-SHA ECDH/ECDSA AES 128 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA not a/v
x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA available
xc035 ECDHE-PSK-AES128-CBC-SHA ECDHEPSK AES 128 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA not a/v
x90 DHE-PSK-AES128-CBC-SHA DHEPSK AES 128 TLS_DHE_PSK_WITH_AES_128_CBC_SHA not a/v
x96 SEED-SHA RSA SEED 128 TLS_RSA_WITH_SEED_CBC_SHA not a/v
x41 CAMELLIA128-SHA RSA Camellia 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA not a/v
x07 IDEA-CBC-SHA RSA IDEA 128 TLS_RSA_WITH_IDEA_CBC_SHA not a/v
x94 RSA-PSK-AES128-CBC-SHA RSAPSK AES 128 TLS_RSA_PSK_WITH_AES_128_CBC_SHA not a/v
x8c PSK-AES128-CBC-SHA PSK AES 128 TLS_PSK_WITH_AES_128_CBC_SHA not a/v
x21 KRB5-IDEA-CBC-SHA KRB5 IDEA 128 TLS_KRB5_WITH_IDEA_CBC_SHA not a/v
x25 KRB5-IDEA-CBC-MD5 KRB5 IDEA 128 TLS_KRB5_WITH_IDEA_CBC_MD5 not a/v
xc012 ECDHE-RSA-DES-CBC3-SHA ECDH 3DES 168 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA not a/v
xc008 ECDHE-ECDSA-DES-CBC3-SHA ECDH 3DES 168 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA not a/v
xc01c SRP-DSS-3DES-EDE-CBC-SHA SRP 3DES 168 TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA not a/v
xc01b SRP-RSA-3DES-EDE-CBC-SHA SRP 3DES 168 TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA not a/v
xc01a SRP-3DES-EDE-CBC-SHA SRP 3DES 168 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA not a/v
x16 EDH-RSA-DES-CBC3-SHA DH 3DES 168 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA not a/v
x13 EDH-DSS-DES-CBC3-SHA DH 3DES 168 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA not a/v
x10 DH-RSA-DES-CBC3-SHA DH/RSA 3DES 168 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA not a/v
x0d DH-DSS-DES-CBC3-SHA DH/DSS 3DES 168 TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA not a/v
xc017 AECDH-DES-CBC3-SHA ECDH 3DES 168 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA not a/v
x1b ADH-DES-CBC3-SHA DH 3DES 168 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA not a/v
xc00d ECDH-RSA-DES-CBC3-SHA ECDH/RSA 3DES 168 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA not a/v
xc003 ECDH-ECDSA-DES-CBC3-SHA ECDH/ECDSA 3DES 168 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA not a/v
x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA available
x93 RSA-PSK-3DES-EDE-CBC-SHA RSAPSK 3DES 168 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA not a/v
x8b PSK-3DES-EDE-CBC-SHA PSK 3DES 168 TLS_PSK_WITH_3DES_EDE_CBC_SHA not a/v
x1f KRB5-DES-CBC3-SHA KRB5 3DES 168 TLS_KRB5_WITH_3DES_EDE_CBC_SHA not a/v
x23 KRB5-DES-CBC3-MD5 KRB5 3DES 168 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 not a/v
xc034 ECDHE-PSK-3DES-EDE-CBC-SHA ECDHEPSK 3DES 168 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA not a/v
x8f DHE-PSK-3DES-EDE-CBC-SHA DHEPSK 3DES 168 TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA not a/v
xfeff - RSA 3DES 168 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA not a/v
xffe0 - RSA 3DES 168 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA not a/v
x63 EXP1024-DHE-DSS-DES-CBC-SHA DH(1024) DES 56,exp TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA not a/v
x15 EDH-RSA-DES-CBC-SHA DH DES 56 TLS_DHE_RSA_WITH_DES_CBC_SHA not a/v
x12 EDH-DSS-DES-CBC-SHA DH DES 56 TLS_DHE_DSS_WITH_DES_CBC_SHA not a/v
x0f DH-RSA-DES-CBC-SHA DH/RSA DES 56 TLS_DH_RSA_WITH_DES_CBC_SHA not a/v
x0c DH-DSS-DES-CBC-SHA DH/DSS DES 56 TLS_DH_DSS_WITH_DES_CBC_SHA not a/v
x1a ADH-DES-CBC-SHA DH DES 56 TLS_DH_anon_WITH_DES_CBC_SHA not a/v
x62 EXP1024-DES-CBC-SHA RSA(1024) DES 56,exp TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA not a/v
x09 DES-CBC-SHA RSA DES 56 TLS_RSA_WITH_DES_CBC_SHA not a/v
x1e KRB5-DES-CBC-SHA KRB5 DES 56 TLS_KRB5_WITH_DES_CBC_SHA not a/v
x22 KRB5-DES-CBC-MD5 KRB5 DES 56 TLS_KRB5_WITH_DES_CBC_MD5 not a/v
xfefe - RSA DES 56 SSL_RSA_FIPS_WITH_DES_CBC_SHA not a/v
xffe1 - RSA DES 56 SSL_RSA_FIPS_WITH_DES_CBC_SHA not a/v
x14 EXP-EDH-RSA-DES-CBC-SHA DH(512) DES 40,exp TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA not a/v
x11 EXP-EDH-DSS-DES-CBC-SHA DH(512) DES 40,exp TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA not a/v
x19 EXP-ADH-DES-CBC-SHA DH(512) DES 40,exp TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA not a/v
x08 EXP-DES-CBC-SHA RSA(512) DES 40,exp TLS_RSA_EXPORT_WITH_DES40_CBC_SHA not a/v
x06 EXP-RC2-CBC-MD5 RSA(512) RC2 40,exp TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 not a/v
x27 EXP-KRB5-RC2-CBC-SHA KRB5 RC2 40,exp TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA not a/v
x26 EXP-KRB5-DES-CBC-SHA KRB5 DES 40,exp TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA not a/v
x2a EXP-KRB5-RC2-CBC-MD5 KRB5 RC2 40,exp TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 not a/v
x29 EXP-KRB5-DES-CBC-MD5 KRB5 DES 40,exp TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 not a/v
x0b EXP-DH-DSS-DES-CBC-SHA DH/DSS DES 40,exp TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA not a/v
x0e EXP-DH-RSA-DES-CBC-SHA DH/RSA DES 40,exp TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA not a/v
VULNERABLE -- but also supports higher protocols (possible mitigation) TLSv1.1 TLSv1.2
LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
Running client simulations (HTTP) via sockets
Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy
------------------------------------------------------------------------------------------------
Android 4.4.2 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Android 7.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Android 8.1 (native) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Android 9.0 (native) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Android 10.0 (native) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Chrome 74 (Win 10) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Chrome 79 (Win 10) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Firefox 66 (Win 8.1/10) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Firefox 71 (Win 10) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
IE 6 XP No connection
IE 8 Win 7 TLSv1.0 ECDHE-RSA-AES128-SHA 256 bit ECDH (P-256)
IE 8 XP TLSv1.0 DES-CBC3-SHA No FS
IE 11 Win 7 TLSv1.2 ECDHE-RSA-AES128-SHA 256 bit ECDH (P-256)
IE 11 Win 8.1 TLSv1.2 ECDHE-RSA-AES128-SHA 256 bit ECDH (P-256)
IE 11 Win Phone 8.1 TLSv1.2 ECDHE-RSA-AES128-SHA 256 bit ECDH (P-256)
IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Edge 15 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Edge 17 (Win 10) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Opera 66 (Win 10) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Safari 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-SHA 256 bit ECDH (P-256)
Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES128-SHA 256 bit ECDH (P-256)
Safari 10 OS X 10.12 TLSv1.2 ECDHE-RSA-AES128-SHA 256 bit ECDH (P-256)
Safari 12.1 (iOS 12.2) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Safari 13.0 (macOS 10.14.6) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-SHA 256 bit ECDH (P-256)
Java 6u45 TLSv1.0 AES128-SHA No FS
Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA 256 bit ECDH (P-256)
Java 8u161 TLSv1.2 ECDHE-RSA-AES128-SHA 256 bit ECDH (P-256)
Java 11.0.2 (OpenJDK) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Java 12.0.1 (OpenJDK) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES128-SHA 256 bit ECDH (P-256)
OpenSSL 1.1.0l (Debian) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
OpenSSL 1.1.1d (Debian) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Thunderbird (68.3) TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 256 bit ECDH (P-256)
Done 2020-08-29 22:26:19 [ 349s] -->> 52.216.186.211:443 (calculator.s3.amazonaws.com) <<--
Which shows us:
- TLS 1.0 and 1.1 are still supported, with a few noticeable ciphers that have been exploitable for over a decade
- Vulnerable to SWEET32 (CVE-2016-2183, CVE-2016-6329), which has some trivial exploits online for the script kiddies to run without learning much more than how to open a terminal window.
- No OCSP at all, not stapled or the CA enforcement of the must-staple flag in the cert.
- Valid for 60 days, meaning we have a very wide chance to wait for IP churn to provide a window to do a DNS version of domain takeover.
- Session Side-Jacking seems like a promising attack vector too, but requires further investigation than we have done here
- Best for last, those CBC ciphers are a great target to test some very well known padding related attack vectors, considering the internet has pretty much gotten rid of CBC ciphers between 2013-2015.
If I can spend a whole 15 mins and next to zero technical effort to learn this, and I am not even slightly considered a motivated attacker, or an attacker of any description, what do you think can happen if there is 1 human out there on planet earth targeting your data? Amazon's security won't stop them (clearly), and you have no way to configure Amazon to protect yourself. I guess we can hope that the name Amazon is a deterrent and you're safe in the expanding sea of customers, but the news cycles about S3 breaches tell a very different story about the deterrent quality of a North American corporate to the rest of the world. You decide, it's your threat model, your risk posture - not mine.
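An added example (not from the original post) that reads the cipher order reported in the testssl output above and shows what a client that restricts its own offer would end up with when calling the endpoint directly rather than through an SDK. The suite lists are copied from that output; the name-based classification and the client policy string are assumptions of this sketch.

```python
import ssl

# Copied from the "Cipher order" lines of the testssl output above.
SERVER_ORDER = {
    "TLSv1": "ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA "
             "AES256-SHA DES-CBC3-SHA".split(),
    "TLSv1.2": "ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 "
               "ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-SHA "
               "ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA "
               "ECDHE-RSA-AES256-SHA384 AES128-GCM-SHA256 AES256-GCM-SHA384 "
               "AES128-SHA AES128-SHA256 AES256-SHA AES256-SHA256 "
               "DES-CBC3-SHA".split(),
}


def classify(name: str) -> set:
    """Flag properties of an OpenSSL suite name (heuristic, by name only)."""
    issues = set()
    if not name.startswith(("ECDHE-", "DHE-")):
        issues.add("no-forward-secrecy")   # static RSA key exchange
    if not any(tag in name for tag in ("GCM", "CHACHA20", "CCM")):
        issues.add("cbc")                  # non-AEAD suites in these lists are CBC
    if "DES-CBC3" in name:
        issues.add("64-bit-block")         # the SWEET32 finding
    return issues


def audit(server_order: dict) -> dict:
    """Per protocol, map each offered suite to its sorted list of issues."""
    return {proto: {n: sorted(classify(n)) for n in suites}
            for proto, suites in server_order.items()}


def strict_client_context() -> ssl.SSLContext:
    """Client policy: TLS 1.2 or later, forward secrecy and AEAD only."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def negotiated(server_order: list, ctx: ssl.SSLContext):
    """First suite in the server's preference order that this client offers."""
    offered = {c["name"] for c in ctx.get_ciphers()}
    return next((n for n in server_order if n in offered), None)


if __name__ == "__main__":
    for proto, suites in audit(SERVER_ORDER).items():
        for name, issues in suites.items():
            print(f"{proto:8} {name:32} {', '.join(issues) or 'ok'}")
    ctx = strict_client_context()
    # Pass ctx to urllib.request.urlopen(url, context=ctx) or
    # http.client.HTTPSConnection(host, context=ctx) for the actual call.
    for proto, suites in SERVER_ORDER.items():
        print(proto, "->", negotiated(suites, ctx))
```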
Conclusion
While AWS offer many security features, they allow insecure and deprecated protocol downgrades to TLS 1.0, and support deprecated signature algorithms for their API authentication.
These backwards-compatibility decisions and continued use of deprecated security features are open to attackers who will utilise anything available; they don't stick to the best offered security options.