diff --git a/core/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java b/core/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java
index 4f204966875..fdc0d4e4acd 100644
--- a/core/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java
+++ b/core/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java
@@ -61,7 +61,35 @@ final class ESPolicy extends Policy {
             }
         }
 
+        // Special handling for broken AWS code which destroys all SSL security
+        // REMOVE THIS when https://github.com/aws/aws-sdk-java/pull/432 is fixed
+        if (permission instanceof RuntimePermission && "accessClassInPackage.sun.security.ssl".equals(permission.getName())) {
+            for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
+                if ("com.amazonaws.http.conn.ssl.SdkTLSSocketFactory".equals(element.getClassName()) &&
+                      "verifyMasterSecret".equals(element.getMethodName())) {
+                    // we found the horrible method: the hack begins!
+                    // force the aws code to back down, by throwing an exception that it catches.
+                    rethrow(new IllegalAccessException("no amazon, you cannot do this."));
+                }
+            }
+        }
         // otherwise defer to template + dynamic file permissions
         return template.implies(domain, permission) || dynamic.implies(permission);
     }
+
+    /**
+     * Classy puzzler to rethrow any checked exception as an unchecked one.
+     */
+    private static class Rethrower<T extends Throwable> {
+        private void rethrow(Throwable t) throws T {
+            throw (T) t;
+        }
+    }
+
+    /**
+     * Rethrows <code>t</code> (identical object).
+     */
+    private void rethrow(Throwable t) {
+        new Rethrower<Error>().rethrow(t);
+    }
 }
diff --git a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy
index aa88fba02e5..befeef41bbd 100644
--- a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy
+++ b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy
@@ -86,8 +86,6 @@ grant {
   // reflection hacks:
   // needed by groovy engine
   permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
-  // needed by aws core sdk (TODO: look into this)
-  permission java.lang.RuntimePermission "accessClassInPackage.sun.security.ssl";
   
   // needed by RandomizedRunner
   permission java.lang.RuntimePermission "accessDeclaredMembers";
diff --git a/plugins/repository-s3/rest-api-spec/test/repository_s3/20_repository.yaml b/plugins/repository-s3/rest-api-spec/test/repository_s3/20_repository.yaml
index 9891c3e3adf..69b50b66530 100644
--- a/plugins/repository-s3/rest-api-spec/test/repository_s3/20_repository.yaml
+++ b/plugins/repository-s3/rest-api-spec/test/repository_s3/20_repository.yaml
@@ -1,9 +1,6 @@
 # Integration tests for Repository S3 component
 #
 "S3 repository can be registereed":
-    - skip:
-        version: "all"
-        reason:  does not work on java9, see https://github.com/aws/aws-sdk-java/pull/432
     - do:
         snapshot.create_repository:
           repository: test_repo_s3_1