AWS AmazonCloudFront documentation change
Summary
Clarified quantum-safe key exchange support (TLS 1.3 only) and updated elliptic curve naming conventions.
Security assessment
Documents quantum-safe cryptographic features, which are security-related enhancements. No evidence of addressing a specific vulnerability.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.md b/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.md index 1f76475cb..444ea04d3 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.md +++ b//AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.md @@ -63 +63 @@ OpenSSL and [s2n](https://github.com/awslabs/s2n) use different names for cipher -For ciphers with elliptic curve key exchange algorithms, CloudFront supports the following elliptic curves: +CloudFront supports both classical and quantum-safe key exchanges. For classical key exchanges using elliptic curves, CloudFront supports the following: @@ -65 +65 @@ For ciphers with elliptic curve key exchange algorithms, CloudFront supports the - * prime256v1 + * `prime256v1` @@ -67 +67 @@ For ciphers with elliptic curve key exchange algorithms, CloudFront supports the - * X25519 + * `X25519` @@ -69 +69 @@ For ciphers with elliptic curve key exchange algorithms, CloudFront supports the - * secp384r1 + * `secp384r1` @@ -74 +74 @@ For ciphers with elliptic curve key exchange algorithms, CloudFront supports the -CloudFront supports the following post-quantum (PQ) key exchange algorithms: +For quantum-safe key exchanges, CloudFront supports the following: @@ -76 +76 @@ CloudFront supports the following post-quantum (PQ) key exchange algorithms: - * X25519MLKEM768 + * `X25519MLKEM768` @@ -78 +78,5 @@ CloudFront supports the following post-quantum (PQ) key exchange algorithms: - * SecP256r1MLKEM768 + * `SecP256r1MLKEM768` + +###### Note + +Quantum-safe key exchanges are only supported with TLS 1.3. TLS 1.2 and earlier versions do not support quantum-safe key exchanges.