AWS AmazonCloudFront documentation change
Summary
Added documentation for mutual TLS (mTLS) authentication support and client certificate validation
Security assessment
Documents new mTLS capability that enhances authentication security but does not address a specific disclosed vulnerability
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.md b/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.md index cbdafa984..898508a5f 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.md +++ b//AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.md @@ -141,0 +142,6 @@ Also note that the `X-Forwarded-For` header may be modified by every node on the +CloudFront supports mutual TLS (mTLS) authentication where both the client and server authenticate each other using certificates. With mTLS configured, CloudFront can validate client certificates during the TLS handshake and optionally run CloudFront Functions to implement custom validation logic. + +For origins that request client-side certificates when mTLS is not configured, CloudFront drops the request. + +For more information about configuring mTLS, see [Associate a CloudFront Connection Function](./connection-functions.html). +