Enhanced Security with TLS 1.3 Support in RDS Proxy
The Amazon Relational Database Service (RDS) Proxy has taken a significant step forward by incorporating support for version 1.3 of the Transport Layer Security (TLS) protocol. This enhancement is particularly relevant for connections to Amazon Aurora PostgreSQL and RDS for PostgreSQL database instances. The introduction of TLS 1.3 brings forth a suite of advantages, including stronger cryptographic algorithms and a more streamlined handshake process, which collectively enhance security compared to its predecessors.
With this update, RDS Proxy is now capable of utilizing TLS 1.3 for establishing connections with both Aurora PostgreSQL and RDS for PostgreSQL databases. During the connection setup, the Proxy will automatically negotiate the highest level of security by selecting the most secure TLS version supported by the database. For those who wish to enforce the use of TLS 1.3 exclusively, PostgreSQL databases can be configured accordingly by adjusting the ssl_min_protocol_version parameter within their parameter group.
It is worth noting that TLS 1.3 support is not limited to PostgreSQL; it is also available for connections to RDS Proxy for MySQL engines. This versatility underscores the commitment to enhancing security across various database environments.
RDS Proxy itself is a fully managed and highly available database proxy designed to optimize the performance and reliability of RDS and Amazon Aurora databases. By leveraging RDS Proxy, users can achieve improved application scalability, resiliency, and security.
For those interested in delving deeper into TLS version support and configuration specifics for Aurora, the Aurora documentation serves as a valuable resource. Additionally, information regarding supported database engine versions and the regional availability of RDS Proxy can be found in the RDS documentation and the Aurora documentation.
