[return to "Tell HN: HN Moved from M5 to AWS"]
1. wging+j6 2022-07-09 02:25:26
>>1vuio0+(OP)
> Unlike CF, AWS does not support TLS1.3. This is not working while HN uses the AWS IP.

This seemed implausible so I looked into it, and it's wrong as stated (at best, it needs to be made more precise to capture what you intended). First, you've mentioned Cloudflare, but the equivalent AWS product (CloudFront) does support TLS 1.3 (https://aws.amazon.com/about-aws/whats-new/2020/09/cloudfron...).

HN isn't behind CloudFront, though, so you probably mean their HTTP(s) load balancers (ALB) don't support TLS 1.3. Even that's an incomplete view of the load balancing picture, since the network load balancers (NLB) do support TLS 1.3, https://aws.amazon.com/about-aws/whats-new/2021/10/aws-netwo....

2. 19h+Oe1 2022-07-09 14:02:09
>>wging+j6
TLS 1.3 needs to be explicitly enabled in CloudFront.

3. Matthi+dT1 2022-07-09 18:00:54
>>19h+Oe1
No - it's enabled by default for all available security policies. CloudFront allows configuring the minimum TLS version - the maximum is always TLS 1.3.

https://docs.aws.amazon.com/AmazonCloudFront/latest/Develope...

However, HN is not using CloudFront - so this doesn't matter for evaluating why HN is not supporting TLS 1.3.
