AWS update TLS version from tls1.1 to tls1.2 in django using SES smtp – Django

The Problem:

AWS has identified that your server has been using TLS 1.0 or TLS 1.1 to connect to AWS APIs through AWS SES, which needs to be updated to TLS 1.2 or higher to maintain AWS connectivity.

You have multiple projects running on the same server using SES, but you are unsure which projects are using TLS 1.0 or 1.1.

You need to determine which projects are using TLS 1.0 or 1.1 and update them to use TLS 1.2.

Your current settings for sending emails using Django are:

EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = '<AWS SMTP endpoint>'
EMAIL_HOST_USER = os.getenv('AWS_SES_SMTP_USERNAME')
EMAIL_HOST_PASSWORD = os.getenv('AWS_SES_SMTP_PASSWORD')
EMAIL_USE_TLS = True
EMAIL_PORT = 587
DEFAULT_FROM_EMAIL = os.getenv('DEFAULT_FROM_EMAIL')
DEFAULT_TO_EMAIL = os.getenv('DEFAULT_TO_EMAIL')

And you are using the send_mail function from django.core.mail to send emails. You are using OpenSSL version 1.0.1f on the server and boto3 version 1.12.48 in your virtual environment.

The Solutions:

Solution 1: Use CloudTrail logs

To determine which TLS version is being used, you can check the CloudTrail logs in CloudWatch, assuming they are enabled for your AWS account. These logs will record the TLS version used for each SMTP connection.

Video Explanation:

The following video, titled "AWS re:Inforce 2022 - Uplifting AWS service API data protection to ...", provides additional insights and in-depth exploration related to the topics discussed in this post.

AWS is constantly raising the bar to help customers use the most modern Transport Layer Security (TLS) encryption protocols, ...