AWS AmazonCloudFront medium security documentation change
Summary
Added TLSv1.2_2025 security policy (FIPS140-3-compliant) and updated references to include it in policy lists and documentation
Security assessment
The addition of TLSv1.2_2025 explicitly addresses compliance with FIPS140-3 standards, which is a security-related enhancement. The documentation updates ensure users are aware of newer cryptographic protocols, directly impacting security posture.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesGeneral.md b/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesGeneral.md index 69b6efa27..99f6e60a2 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesGeneral.md +++ b//AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesGeneral.md @@ -155,0 +156,2 @@ The security policies that are available depend on the values that you specify f + * TLSv1.2_2025 + @@ -174 +176 @@ The security policies that are available depend on the values that you specify f -In this configuration, the TLSv1.3_2025, TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_2018, TLSv1.1_2016, and TLSv1_2016 security policies aren’t available in the CloudFront console or API. If you want to use one of these security policies, you have the following options: +In this configuration, the TLSv1.3_2025, TLSv1.2_2025, TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_2018, TLSv1.1_2016, and TLSv1_2016 security policies aren’t available in the CloudFront console or API. If you want to use one of these security policies, you have the following options: @@ -178 +180 @@ In this configuration, the TLSv1.3_2025, TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_201 - * If you must keep Legacy Clients Support with dedicated IP addresses, you can request one of the other TLS security policies (TLSv1.3_2025, TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_2018, TLSv1.1_2016, or TLSv1_2016) by creating a case in the [AWS Support Center](https://console.aws.amazon.com/support/home). + * If you must keep Legacy Clients Support with dedicated IP addresses, you can request one of the other TLS security policies (TLSv1.3_2025, TLSv1.2_2025, TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_2018, TLSv1.1_2016, or TLSv1_2016) by creating a case in the [AWS Support Center](https://console.aws.amazon.com/support/home). @@ -184 +186 @@ Before you contact AWS Support to request this change, consider the following: - * When you add one of these security policies (TLSv1.3_2025, TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_2018, TLSv1.1_2016, or TLSv1_2016) to a Legacy Clients Support distribution, the security policy is applied to _all_ non-SNI viewer requests for _all_ Legacy Clients Support distributions in your AWS account. However, when viewers send SNI requests to a distribution with Legacy Clients Support, the security policy of that distribution applies. To make sure that your desired security policy is applied to _all_ viewer requests sent to _all_ Legacy Clients Support distributions in your AWS account, add the desired security policy to each distribution individually. + * When you add one of these security policies (TLSv1.3_2025, TLSv1.2_2025, TLSv1.2_2021, TLSv1.2_2019, TLSv1.2_2018, TLSv1.1_2016, or TLSv1_2016) to a Legacy Clients Support distribution, the security policy is applied to _all_ non-SNI viewer requests for _all_ Legacy Clients Support distributions in your AWS account. However, when viewers send SNI requests to a distribution with Legacy Clients Support, the security policy of that distribution applies. To make sure that your desired security policy is applied to _all_ viewer requests sent to _all_ Legacy Clients Support distributions in your AWS account, add the desired security policy to each distribution individually.