AWS Security ChangesHomeSearch

AWS apigateway medium security documentation change

Service: apigateway · 2025-08-13 · Security-related medium

File: apigateway/latest/developerguide/apigateway-custom-domain-tls-version.md

Summary

Updated TLS 1.0 security policy documentation to include TLS 1.1 as an accepted protocol

Security assessment

The change explicitly adds TLS 1.1 (a deprecated/insecure protocol) to the list of accepted protocols for the TLS 1.0 security policy. This could mislead users into believing insecure protocols are acceptable, increasing exposure to vulnerabilities like POODLE or BEAST.

Diff

diff --git a/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.md b/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.md
index 0913d5c92..b0ed14cc7 100644
--- a//apigateway/latest/developerguide/apigateway-custom-domain-tls-version.md
+++ b//apigateway/latest/developerguide/apigateway-custom-domain-tls-version.md
@@ -22 +22 @@ In custom domain settings, a security policy determines two settings:
-If you choose a TLS 1.0 security policy, the security policy accepts TLS 1.0, TLS 1.2, and TLS 1.3 traffic. If you choose a TLS 1.2 security policy, the security policy accepts TLS 1.2 and TLS 1.3 traffic and rejects TLS 1.0 traffic.
+If you choose a TLS 1.0 security policy, the security policy accepts TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3 traffic. If you choose a TLS 1.2 security policy, the security policy accepts TLS 1.2 and TLS 1.3 traffic and rejects TLS 1.0 traffic.