AWS ses documentation change
Summary
Clarified opportunistic TLS implementation details (STARTTLS usage and connection flow)
Security assessment
Adds technical specifics about TLS encryption methods but does not indicate a security vulnerability fix. Enhances documentation of existing security protocols without evidence of addressing a specific security issue.
Diff
diff --git a/ses/latest/dg/security-protocols.md b/ses/latest/dg/security-protocols.md index f6e11dfa6..d8f50480b 100644 --- a//ses/latest/dg/security-protocols.md +++ b//ses/latest/dg/security-protocols.md @@ -38 +38 @@ While TLS 1.3 is our default delivery method, SES can deliver email to mail serv -By default, Amazon SES uses _opportunistic TLS_. This means that Amazon SES always attempts to make a secure connection to the receiving mail server. If Amazon SES can't establish a secure connection, it sends the message unencrypted. +By default, Amazon SES uses _opportunistic TLS_. Opportunistic TLS in SES always uses STARTTLS and does not include the TLS Wrapper. The flow involves establishing an initial plaintext connection, followed by upgrading to a TLS-encrypted session if both the client and server support STARTTLS. If SES can't establish a secure connection, it sends the message unencrypted.