For me all connection to amazon.com is unencrypted :o Did they just remove ssl f...

AhtiK · on April 12, 2014

Url from this post (https://s3.amazonaws.com/) redirects to HTTP://aws.amazon.com/s3/

307 Temporary Redirect

Location: http://aws.amazon.com/s3 [following]

Going directly to https://aws.amazon.com/s3/ keeps the SSL cert, which does not seem to be revoked and is issued at 4/8/14.

SHA1 fingerprint:

E0 D2 E0 2E 20 F2 CE 80 AE 16 93 CA 86 2C 5A 14 54 26 28 F5

EDIT: Now 45 minutes later https://s3.amazonaws.com responded with a REVOKED certificate issued 4/8/14, SHA1 fingerprint:

0C F0 6A F0 5C C4 C4 44 E1 DB 92 25 F0 99 4F EC 6B 5E 4A B5

I failed to grab initial https://s3.amazonaws.com cert that passed chrome revocation list check. Which could have been also due to the revocation service timeout because in that case AFAIK no revocation check is performed and cert is silently accepted.

e12e · on April 12, 2014

Hm, and encrypted with RC4 128 bit for me. Maybe it's time to check the client-side cipher settings...

cradle · on April 12, 2014

p7b export of E0 D2 E0 key https://github.com/cradle/certs/blob/master/amazon.s3.p7b?ra...

neo2001 · on April 12, 2014

Same here,

HTTP/1.1 307 Temporary Redirect Location: http://aws.amazon.com/s3

galapago · on April 12, 2014

No encryption here as well.

bryanwbh · on April 12, 2014

Just checked, no encryption for me here