AWS Security ChangesHomeSearch

AWS AmazonCloudFront medium security documentation change

Service: AmazonCloudFront · 2026-01-07 · Security-related medium

File: AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md

Summary

Removed secp384r1 from allowed ECDSA curves for trust store certificates

Security assessment

Reduces supported cryptographic algorithms, potentially addressing vulnerabilities in elliptic curve cryptography (e.g., weakening older algorithms)

Diff

diff --git a/AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md b/AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md
index b3f87e5a6..592bccb10 100644
--- a//AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md
+++ b//AmazonCloudFront/latest/DeveloperGuide/trust-stores-certificate-management.md
@@ -55 +55 @@ Trust stores have specific requirements for the CA certificates they contain:
-    * ECDSA: secp256r1, secp384r1
+    * ECDSA: secp256r1