Skip to main content


CloudFront Origin SSL Protocols should not use insecure Ciphers


Best practices recommend not using vulnerable SSL ciphers for communicating between a Content Delivery Network (CDN) destination origin and CloudFront. Violations reported when using the SSLv3 protocol for CDN destination origin.


Unset the Distribution Origin SSL Protocols SSLv3 checkbox.

  1. Log in to the AWS Management Console.
  2. Select Services.
  3. Select CloudFront.
  4. Select the Distribution to edit.
  5. Select the Origins tab.
  6. Select the Origin to edit and select Edit.
  7. Under Minimum origin SSL protocol, select a protocol other than SSLv3.
  8. Select Save changes.