AWS AmazonRDS high security documentation change
Summary
Added automatic minor version upgrade details and disabled legacy security protocols by default
Security assessment
Explicitly disables insecure protocols (TLS 1.0/1.1, RC4) in newer versions, addressing known cryptographic weaknesses
Diff
diff --git a/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.SQLServer.md b/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.SQLServer.md index f53856aad..4a5c4ff7a 100644 --- a//AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.SQLServer.md +++ b//AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.SQLServer.md @@ -13 +13,27 @@ _Major version upgrades_ can contain database changes that are not backward-comp -In contrast, _minor version upgrades_ include only changes that are backward-compatible with existing applications. You can initiate a minor version upgrade _manually_ by modifying your DB instance. +_Minor version upgrades_ contain only changes that are backward-compatible with existing applications. You can upgrade the minor version for your DB instance in two ways: + + * _Manually_ – Modify your DB instance to initiate the upgrade + + * _Automatically_ – Enable automatic minor version upgrades for your DB instance + + + + +When you enable automatic minor version upgrades, RDS for SQL Server automatically upgrades your database instance during scheduled maintenance windows when critical security updates are available in a newer minor version. + +For minor engine versions after `16.00.4120.1`, `15.00.4365.2`, `14.00.3465.1`, `13.00.6435.1`, the following security protocols are disabled by default: + + * `rds.tls10` (TLS 1.0 protocol) + + * `rds.tls11` (TLS 1.1 protocol) + + * `rds.rc4` (RC4 cipher) + + * `rds.curve25519` (Curve25519 encryption) + + * `rds.3des168` (Triple DES encryption) + + + + +For earlier engine versions, Amazon RDS enables these security protocols by default.