Recently I received an email from AWS that has identified a few endpoints using AWS SES for sending mails.

> We have identified TLS 1.0 or TLS 1.1 connections to AWS APIs from your account that must be updated for you to maintain AWS connectivity. Please update your client software as soon as possible to use TLS 1.2 or higher to avoid an availability impact. We recommend considering the time needed to verify your changes in a staging environment before introducing them into production...

Now AWS has only provided me the IP address (which is my server's IP), message ID, and TLS version. I have multiple projects running on that server and using the same SES to send mails.

| Region | Event | Message ID | Source IP | TLS Version |
|---|---|---|---|---|
| <region-of-my-aws-account> | SMTP Message | <smtp-message-id> | <ip-address> | TLSv1 |

I'm still unsure which ones are using which TLS version. I want to pinpoint which of my projects is using TLS 1.1/1.0.

Is there a way I can print the TLS version in my log files while sending mail?

My settings are as follows:

```python
import os

# SMTP backend pointed at the SES SMTP endpoint; credentials come from the environment.
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = '<AWS SMTP endpoint>'
EMAIL_HOST_USER = os.getenv('AWS_SES_SMTP_USERNAME')
EMAIL_HOST_PASSWORD = os.getenv('AWS_SES_SMTP_PASSWORD')
EMAIL_USE_TLS = True  # STARTTLS on the submission port
EMAIL_PORT = 587
DEFAULT_FROM_EMAIL = os.getenv('DEFAULT_FROM_EMAIL')
DEFAULT_TO_EMAIL = os.getenv('DEFAULT_TO_EMAIL')
```

And where I'm sending mail I use the following function:

```python
from django.conf import settings
from django.core.mail import send_mail

# subject and message are built by the calling code
send_mail(subject=subject, message=message,
          from_email=settings.DEFAULT_FROM_EMAIL,
          recipient_list=settings.PUBLISHERS_EMAIL_RECIPIENT)
```

where `PUBLISHERS_EMAIL_RECIPIENT = ['email1', 'email2'...]` in the settings file.

Some information regarding my packages:

openssl=1.0.1f (server)
boto3==1.12.48 (venv)
botocore==1.15.48 (venv)

I think my openssl supports TLS 1.2. I'm just confused now about what to do: how do I determine and what do I update in order to start using TLS 1.2? Right now I'm not sure which version of TLS is being used.

Any help would be appreciated.

Fahad Hussain

1 Answer

We need to ensure that the SMTP protocol in the backends is using TLSv1.2.

Django's core email module seems to be based on smtplib. But you may need to check if you can set some property or something to use TLSv1.2 if necessary.

We can see the TLS version used in CloudTrail logs in CloudWatch if you have them enabled.

SwathiP
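One way to get the negotiated TLS version into each project's log, as an added example that is not part of the question or the answer: a mixin placed ahead of Django's SMTP `EmailBackend` that, after `open()` has run STARTTLS, reads `version()` from the underlying `smtplib` socket. The logger name `mail.tls`, the `project_name` label and the module path `myproject.mail` are hypothetical names chosen for illustration.

```python
import logging

logger = logging.getLogger("mail.tls")  # hypothetical logger name

# Names returned by ssl.SSLSocket.version() for protocols below TLS 1.2.
LEGACY_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def describe_tls(sock):
    """Return (version, cipher_name); (None, None) for a plaintext socket."""
    version_fn = getattr(sock, "version", None)
    if version_fn is None:  # plain socket: STARTTLS never happened
        return None, None
    cipher = sock.cipher()  # (name, protocol, secret_bits) or None
    return version_fn(), (cipher[0] if cipher else None)


def log_tls(sock, host, project):
    """Log the negotiated protocol; WARNING when it is below TLS 1.2."""
    version, cipher = describe_tls(sock)
    legacy = version is None or version in LEGACY_TLS
    logger.log(logging.WARNING if legacy else logging.INFO,
               "project=%s smtp_host=%s tls_version=%s cipher=%s",
               project, host, version or "none", cipher or "none")
    return version, legacy


class TLSLoggingMixin:
    """Mix in ahead of Django's SMTP EmailBackend to log TLS per connection."""
    project_name = "unnamed-project"  # hypothetical label; set one per project

    def open(self):
        opened = super().open()  # Django connects, runs STARTTLS, logs in
        if opened and self.connection is not None:
            # self.connection is the smtplib.SMTP object; .sock is its socket
            log_tls(self.connection.sock, self.host, self.project_name)
        return opened


# Wiring inside a Django project (assumed module path myproject/mail.py):
#   from django.core.mail.backends.smtp import EmailBackend
#   class TLSLoggingEmailBackend(TLSLoggingMixin, EmailBackend):
#       project_name = "publishers"
# and in settings.py:
#   EMAIL_BACKEND = "myproject.mail.TLSLoggingEmailBackend"
```

Giving each project on the server its own `project_name` lets the WARNING lines be matched against the source IP and TLS version in the AWS report.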