github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/cloudfront/AVD-AWS-0013/docs.md

You should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.

Note: setting *minimum_protocol_version = "TLSv1.2_2021"* is only possible when *cloudfront_default_certificate* is false (e.g. you are not using the cloudfront.net domain name).
If *cloudfront_default_certificate* is true, the CloudFront API will only allow setting *minimum_protocol_version = "TLSv1"*, and setting it to any other value will result in a perpetual diff in your *terraform plan* output.
The only option when using the cloudfront.net domain name is to ignore this rule.

### Impact
Outdated SSL policies increase exposure to known vulnerabilities

<!-- DO NOT CHANGE -->
{{ remediationActions }}

### Links
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html
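
An added example, not part of defsec or of this page's original text: a Python check over constructed data shaped like `terraform show -json` output. It applies the rule above and reports separately the distributions on the default cloudfront.net certificate, which the note says cannot go above `TLSv1`. The function names, status labels and resource addresses are assumptions made for illustration.

```python
"""Flag CloudFront distributions below the TLS policy this page requires."""
REQUIRED_POLICY = "TLSv1.2_2021"  # the value named on this page

def _dist(address, **cert):
    # Helper for the constructed sample: one distribution, one viewer_certificate block.
    return {"address": address, "type": "aws_cloudfront_distribution",
            "values": {"viewer_certificate": [cert]}}

# Constructed sample, shaped like the planned_values part of `terraform show -json`.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _dist("aws_cloudfront_distribution.legacy",
              cloudfront_default_certificate=False, minimum_protocol_version="TLSv1.1_2016"),
        _dist("aws_cloudfront_distribution.site",
              cloudfront_default_certificate=False, minimum_protocol_version="TLSv1.2_2021"),
        {"address": "aws_s3_bucket.assets", "type": "aws_s3_bucket", "values": {}},
    ],
    "child_modules": [{"resources": [
        _dist("module.static.aws_cloudfront_distribution.default_domain",
              cloudfront_default_certificate=True, minimum_protocol_version="TLSv1"),
    ]}],
}}}

def iter_resources(module):
    """Yield resources from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_plan(plan):
    """Return (address, status, policy) for every CloudFront distribution in the plan."""
    results = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_cloudfront_distribution":
            continue
        cert = (res.get("values", {}).get("viewer_certificate") or [{}])[0]
        policy = cert.get("minimum_protocol_version")
        if policy == REQUIRED_POLICY:
            status = "pass"
        elif cert.get("cloudfront_default_certificate"):
            status = "needs-exception"  # cloudfront.net name: the policy cannot be raised
        else:
            status = "fail"  # custom certificate with an outdated or unset policy
        results.append((res["address"], status, policy))
    return results

if __name__ == "__main__":
    for address, status, policy in check_plan(SAMPLE_PLAN):
        print(f"{status:16} {policy!s:14} {address}")
```

Against a real plan, load the output of `terraform show -json` with `json.load` and pass the result to `check_plan`.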