AWS kms documentation change
Summary
Removed regional restrictions for post-quantum TLS support and deleted performance benchmark section
Security assessment
Expands documentation of post-quantum TLS availability to all supported regions, enhancing clarity on security features. No direct evidence of addressing a security vulnerability.
Diff
diff --git a/kms/latest/developerguide/pqtls.md b/kms/latest/developerguide/pqtls.md index b985e6cf8..35f74aad1 100644 --- a//kms/latest/developerguide/pqtls.md +++ b//kms/latest/developerguide/pqtls.md @@ -32,5 +32 @@ As always, we welcome your feedback and participation in our open-source reposit -Post-quantum TLS for AWS KMS is available in all AWS Regions that AWS KMS supports except for China (Beijing) and China (Ningxia). - -###### Note - -AWS KMS does not support hybrid post-quantum TLS for FIPS endpoints in AWS GovCloud (US). +Post-quantum TLS for AWS KMS is available in all AWS Regions that AWS KMS supports. @@ -70,4 +65,0 @@ For a list of AWS KMS endpoints for each AWS Region, see [AWS Key Management Ser -**Expected Performance** - -Our early benchmark testing shows that the hybrid cipher suites in s2n-tls are slower than classic TLS cipher suites. The effect varies based on the network profile, CPU speed, the number of cores, and your call rate. For more information, see [AWS post-quantum cryptography migration plan](https://aws.amazon.com/blogs/security/aws-post-quantum-cryptography-migration-plan/). -