AWS AmazonCloudFront documentation change
Summary
Updated terminology from 'SSL/TLS certificate' to 'TLS certificate' across multiple sections, removed deprecated SSL references, and corrected a documentation link.
Security assessment
The changes remove outdated references to SSL (a deprecated protocol) and standardize on TLS terminology, which reflects modern security practices. However, this is a documentation accuracy update rather than addressing a specific security vulnerability or introducing new security features. No concrete evidence of a patched vulnerability or incident response is present.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.md b/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.md index ed91f13a6..e371ed924 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/CNAMEs.md +++ b//AmazonCloudFront/latest/DeveloperGuide/CNAMEs.md @@ -39 +39 @@ All alternate domain names (CNAMEs) must be lowercase. -**Alternate domain names must be covered by a valid SSL/TLS certificate** +**Alternate domain names must be covered by a valid TLS certificate** @@ -42 +42 @@ All alternate domain names (CNAMEs) must be lowercase. -To add an alternate domain name (CNAME) to a CloudFront distribution, you must attach to your distribution a trusted, valid SSL/TLS certificate that covers the alternate domain name. This ensures that only people with access to your domain’s certificate can associate with CloudFront a CNAME related to your domain. +To add an alternate domain name (CNAME) to a CloudFront distribution, you must attach to your distribution a trusted, valid TLS certificate that covers the alternate domain name. This ensures that only people with access to your domain’s certificate can associate with CloudFront a CNAME related to your domain. @@ -109 +109 @@ If you have an existing wildcard DNS entry that points to a CloudFront distribut -CloudFront includes protection against domain fronting occurring across different AWS accounts. Domain fronting is a scenario in which a non-standard client creates a TLS/SSL connection to a domain name in one AWS account, but then makes an HTTPS request for an unrelated name in another AWS account. For example, the TLS connection might connect to www.example.com, and then send an HTTP request for www.example.org. +CloudFront includes protection against domain fronting occurring across different AWS accounts. Domain fronting is a scenario in which a non-standard client creates a TLS connection to a domain name in one AWS account, but then makes an HTTPS request for an unrelated name in another AWS account. For example, the TLS connection might connect to www.example.com, and then send an HTTP request for www.example.org. @@ -124 +124 @@ If you’re using Route 53 as your DNS service, you can create an alias resource -If you enable IPv6, you must create two alias resource record sets: one to route IPv4 traffic (an A record) and one to route IPv6 traffic (an AAAA record). For more information, see [Enable IPv6](./distribution-web-values-specify.html#DownloadDistValuesEnableIPv6) in the topic [Distribution settings reference](./distribution-web-values-specify.html). +If you enable IPv6, you must create two alias resource record sets: one to route IPv4 traffic (an A record) and one to route IPv6 traffic (an AAAA record). For more information, see [Enable IPv6](./DownloadDistValuesGeneral.html#DownloadDistValuesEnableIPv6) in the topic [All distribution settings reference](./distribution-web-values-specify.html).