AWS redshift high security documentation change
Summary
Added TLS 1.2 enforcement notice effective October 2025, requiring client/driver updates
Security assessment
TLS 1.0/1.1 deprecation directly addresses known cryptographic weaknesses (e.g., POODLE, BEAST). The change mitigates man-in-the-middle attacks by enforcing modern TLS versions, making it a concrete security improvement.
Diff
diff --git a/redshift/latest/mgmt/behavior-changes.md b/redshift/latest/mgmt/behavior-changes.md index a43f45fc8..5779964e7 100644 --- a//redshift/latest/mgmt/behavior-changes.md +++ b//redshift/latest/mgmt/behavior-changes.md @@ -14,0 +15,29 @@ The following describes upcoming behavior changes. +### Minimum Transport Layer Security (TLS) version changes effective after October 31, 2025 + +Beginning October 31, 2025, Amazon Redshift will enforce a minimum Transport Layer Security (TLS) version of 1.2. Incoming connections that use TLS versions 1.0 or 1.1 will be rejected. This applies to both Amazon Redshift provisioned clusters and serverless workgroups. + +This update might impact you if you use TLS versions 1.0 or 1.1 to connect to Amazon Redshift. + +To verify which TLS version you are currently using, you can: + +For Amazon Redshift Provisioned: Check the sslversion column in the STL_CONNECTION_LOG system table [1]. + +For Amazon Redshift Serverless Workgroup: Check the ssl_version column in the SYS_CONNECTION_LOG system table [2]. + +To maintain uninterrupted access to your Amazon Redshift data warehouse after this change, please follow the steps listed below: + + 1. Update your client to support TLS 1.2 or higher + + 2. Install the latest driver version with TLS 1.2+ support + + + + +We recommend using the latest version of the Amazon Redshift driver [3] if possible. + +[1] <https://docs.aws.amazon.com/redshift/latest/dg/r_STL_CONNECTION_LOG.html> + +[2] <https://docs.aws.amazon.com/redshift/latest/dg/SYS_CONNECTION_LOG.html> + +[3] <https://docs.aws.amazon.com/redshift/latest/mgmt/configuring-connections.html> +