Does the TLS version upgrade to 1.2 also effect CloudFront distributions

Question

Will the [AWS TLS Version change](https://aws.amazon.com/blogs/security/tls-1-2-required-for-aws-endpoints/) also change the default TLS Version of a CloudFront distribution, which using the Default CloudFront Certificate(*.cloudfront.net) ? Currently, TLSv1 is used for this one.

Some background from the terraform docs:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#minimum_protocol_version

Accepted Answer

No, it doesn't apply to CloudFront distributions. The announcement you've linked to is all about AWS API endpoints. So if you were calling EC2, SQS or even CloudFront to perform some action to modify/launch/configure something in those services then TLS 1.2 is becoming the default.

For CloudFront distributions, you [get to control the ciphers](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html) for your distributions. We encourage the use of newer, more secure protocols but also appreciate that there might be some clients for your applications that don't support them.

Does the TLS version upgrade to 1.2 also effect CloudFront distributions

相关内容