AWS AmazonCloudFront medium security documentation change
Summary
Updated supported TLS protocols for CloudFront-to-origin communication to include TLSv1.3 and changed default protocol for S3 origins to TLSv1.3
Security assessment
Adding TLSv1.3 support and making it the default for S3 origins improves encryption standards, addressing potential weaknesses in older TLS versions. TLSv1.3 provides stronger security guarantees, reducing attack surface.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.md b/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.md index 29219ba01..cbdafa984 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.md +++ b//AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.md @@ -186 +186 @@ You can require viewers to use HTTPS to send requests to CloudFront and require -CloudFront forwards HTTPS requests to the origin server using the SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2 protocols. For custom origins, you can choose the SSL protocols that you want CloudFront to use when communicating with your origin: +CloudFront forwards HTTPS requests to the origin server using the SSLv3, TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3 protocols. For custom origins, you can choose the SSL protocols that you want CloudFront to use when communicating with your origin: @@ -195 +195 @@ CloudFront forwards HTTPS requests to the origin server using the SSLv3, TLSv1.0 -If the origin is an Amazon S3 bucket, CloudFront always uses TLSv1.2. +If the origin is an Amazon S3 bucket, CloudFront will default to TLSv1.3.