Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon SDK for Kotlin support for Transport Layer Security (TLS)

The following information applies only to Java SSL implementation (the default SSL implementation in the Amazon SDK for Kotlin targeting the JVM). If you’re using a different SSL implementation, see your specific SSL implementation to learn how to enforce TLS versions.

TLS support in Java

To work with Amazon services, the underlying JDK must support a minimum version of TLS 1.2, but TLS 1.3 is recommended. TLS 1.3 is the prerequisite to enable post-quantum cryptography, which may require additional actions or configurations. To learn more, see Enabling hybrid post-quantum TLS.

TLS 1.2 is supported starting in Java 7. TLS 1.3 is supported starting in Java 11, although some JVM vendors have backported support into earlier Java versions.

How to check the TLS version

To check which TLS versions are supported in your Java virtual machine (JVM), you can use the following code.

println(SSLContext.getDefault().supportedSSLParameters.protocols.joinToString(separator = ", "))

To see the SSL handshake in action and what version of TLS is used, you can use the system property javax.net.debug.

-Djavax.net.debug=ssl