AWS AmazonCloudFront high security documentation change
Summary
Added TLSv1.3_2025 security policy and updated related documentation
Security assessment
Introduces TLSv1.3_2025 as a new security policy, enhancing encryption standards. This addresses modern security best practices by deprecating older TLS versions, though no specific vulnerability is cited.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesGeneral.md b/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesGeneral.md index e9d215392..8a9a09de2 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesGeneral.md +++ b//AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesGeneral.md @@ -151,0 +152,2 @@ The security policies that are available depend on the values that you specify f + * TLSv1.3_2025 + @@ -170 +172 @@ The security policies that are available depend on the values that you specify f -In this configuration, the TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_2018, TLSv1.1_2016, and TLSv1_2016 security policies aren’t available in the CloudFront console or API. If you want to use one of these security policies, you have the following options: +In this configuration, the TLSv1.3_2025, TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_2018, TLSv1.1_2016, and TLSv1_2016 security policies aren’t available in the CloudFront console or API. If you want to use one of these security policies, you have the following options: @@ -174 +176 @@ In this configuration, the TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_2018, TLSv1.1_201 - * If you must keep Legacy Clients Support with dedicated IP addresses, you can request one of the other TLS security policies (TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_2018, TLSv1.1_2016, or TLSv1_2016) by creating a case in the [AWS Support Center](https://console.aws.amazon.com/support/home). + * If you must keep Legacy Clients Support with dedicated IP addresses, you can request one of the other TLS security policies (TLSv1.3_2025, TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_2018, TLSv1.1_2016, or TLSv1_2016) by creating a case in the [AWS Support Center](https://console.aws.amazon.com/support/home). @@ -180 +182 @@ Before you contact AWS Support to request this change, consider the following: - * When you add one of these security policies (TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_2018, TLSv1.1_2016, or TLSv1_2016) to a Legacy Clients Support distribution, the security policy is applied to _all_ non-SNI viewer requests for _all_ Legacy Clients Support distributions in your AWS account. However, when viewers send SNI requests to a distribution with Legacy Clients Support, the security policy of that distribution applies. To make sure that your desired security policy is applied to _all_ viewer requests sent to _all_ Legacy Clients Support distributions in your AWS account, add the desired security policy to each distribution individually. + * When you add one of these security policies (TLSv1.3_2025, TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_2018, TLSv1.1_2016, or TLSv1_2016) to a Legacy Clients Support distribution, the security policy is applied to _all_ non-SNI viewer requests for _all_ Legacy Clients Support distributions in your AWS account. However, when viewers send SNI requests to a distribution with Legacy Clients Support, the security policy of that distribution applies. To make sure that your desired security policy is applied to _all_ viewer requests sent to _all_ Legacy Clients Support distributions in your AWS account, add the desired security policy to each distribution individually.