AWS AmazonCloudFront documentation change
Summary
Expanded ECDSA certificate support from 256-bit to include 384-bit keys and added secp384r1 elliptic curve option.
Security assessment
The change enhances cryptographic options by supporting stronger keys (384-bit) and additional curves, improving security posture. No specific vulnerability is mentioned.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.md b/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.md index 4c75ab2be..9071fbea3 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.md +++ b//AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.md @@ -132 +132 @@ For information about how to determine the size of an RSA key, see [Determine th -CloudFront supports 256-bit keys. To use an ECDSA certificate in ACM to require HTTPS between viewers and CloudFront, use the prime256v1 elliptic curve. +CloudFront supports 256-bit and 384-bit keys. To use an ECDSA certificate in ACM to require HTTPS between viewers and CloudFront, use the prime256v1 or secp384r1 elliptic curve.