AWS Security ChangesHomeSearch

AWS AmazonCloudFront documentation change

Service: AmazonCloudFront · 2026-07-10 · Documentation low

File: AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.md

Summary

Expanded ECDSA certificate support from 256-bit to include 384-bit keys and added secp384r1 elliptic curve option.

Security assessment

The change enhances cryptographic options by supporting stronger keys (384-bit) and additional curves, improving security posture. No specific vulnerability is mentioned.

Diff

diff --git a/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.md b/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.md
index 4c75ab2be..9071fbea3 100644
--- a//AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.md
+++ b//AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.md
@@ -132 +132 @@ For information about how to determine the size of an RSA key, see [Determine th
-CloudFront supports 256-bit keys. To use an ECDSA certificate in ACM to require HTTPS between viewers and CloudFront, use the prime256v1 elliptic curve.
+CloudFront supports 256-bit and 384-bit keys. To use an ECDSA certificate in ACM to require HTTPS between viewers and CloudFront, use the prime256v1 or secp384r1 elliptic curve.